PT-2025-54154 · Linux+1 · Linux Kernel+1
Published
2023-03-29
·
Updated
2026-01-01
·
CVE-2023-54308
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.2.7
Description
The Linux kernel contained an issue in the ALSA subsystem, specifically within the ymfpci driver. A missing call to
snd devm card new() after the removal of snd card ymfpci remove() resulted in a memory leak and potential Oops errors when unloading the module. This occurred because the snd card free function was no longer called, leading to unreleased resources.Recommendations
Update to Linux kernel version 6.2.7 or later.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Ymfpci Driver