CVE-2023-54212

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the ALSA PCM subsystem due to missing locking in ctl elem read user and ctl elem write user. This can be triggered through code paths using the SNDRV CTL IOCTL ELEM READ ioctl, particularly in 32-bit compatibility mode where the lock is not properly held during snd ctl elem read. The issue is addressed by moving the rwsem lock inside snd ctl elem read to prevent the use-after-free condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.