CVE-2023-53465

01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

soundwire: qcom: fix storing port config out-of-bounds

The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14),
however we index it starting from 1, not 0, to match real port numbers.
This can lead to writing port config past 'pconfig' bounds and
overwriting next member of 'qcom_swrm_ctrl' struct. Reported also by
smatch:

drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow 'ctrl->pconfig' 14 <= 14

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.8-1 fixed
sid	6.16.9-1 fixed

References

https://git.kernel.org/stable/c/20f7c4d51c94abb1a1a7c21900db4fb5afe5c8ff

https://git.kernel.org/stable/c/32eb67d7360d48c15883e0d21b29c0aab9da022e

https://git.kernel.org/stable/c/490937d479abe5f6584e69b96df066bc87be92e9

https://git.kernel.org/stable/c/801daff0078087b5df9145c9f5e643c28129734b