CVE-2023-53465

EUVD-2025-32803

01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

soundwire: qcom: fix storing port config out-of-bounds

The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14),
however we index it starting from 1, not 0, to match real port numbers.
This can lead to writing port config past 'pconfig' bounds and
overwriting next member of 'qcom_swrm_ctrl' struct. Reported also by
smatch:

drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow 'ctrl->pconfig' 14 <= 14

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.13 ≤ 𝑥 < 5.15.121
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.40
linux	linux_kernel	6.2 ≤ 𝑥 < 6.4.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
forky	6.16.8-1 fixed
sid	6.16.9-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://git.kernel.org/stable/c/20f7c4d51c94abb1a1a7c21900db4fb5afe5c8ff

https://git.kernel.org/stable/c/32eb67d7360d48c15883e0d21b29c0aab9da022e

https://git.kernel.org/stable/c/490937d479abe5f6584e69b96df066bc87be92e9

https://git.kernel.org/stable/c/801daff0078087b5df9145c9f5e643c28129734b