CVE-2023-53400

EUVD-2025-29934
In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix Oops by 9.1 surround channel names

get_line_out_pfx() may trigger an Oops by overflowing the static array
with more than 8 channels.  This was reported for MacBookPro 12,1 with
Cirrus codec.

As a workaround, extend for the 9.1 channels and also fix the
potential Oops by unifying the code paths accessing the same array
with the proper size check.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 4.14.316
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.284
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.244
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.181
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.113
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.30
linuxlinux_kernel
6.2 ≤
𝑥
< 6.3.4
linuxlinux_kernel
6.4:rc1
linuxlinux_kernel
6.4:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
References
https://git.kernel.org/stable/c/082dcd51667b29097500c824c37f24da997a6a8a
https://git.kernel.org/stable/c/3b44ec8c5c44790a82f07e90db45643c762878c6
https://git.kernel.org/stable/c/4ef155ddf9578bf035964d58739fdcd7dd44b4a4
https://git.kernel.org/stable/c/546b1f5f45a355ae0d3a8041cdaca597dfcac825
https://git.kernel.org/stable/c/b5694aae4c2d9a288bafce7d38f122769e0428e6
https://git.kernel.org/stable/c/dc8c569d59f17b17d7bca4f68c36bd571659921e
https://git.kernel.org/stable/c/e8c7d7c43d5edd20e518fe1dfb2371d1fe6e8bb8
https://git.kernel.org/stable/c/fcf637461019e9a5a0c12fc5c42a9db1779b0634