CVE-2023-54245

EUVD-2023-60396

30.12.2025, 13:16

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds

When we run syzkaller we get below Out of Bound.
    "KASAN: slab-out-of-bounds Read in regcache_flat_read"

    Below is the backtrace of the issue:

    dump_backtrace+0x0/0x4c8
    show_stack+0x34/0x44
    dump_stack_lvl+0xd8/0x118
    print_address_description+0x30/0x2d8
    kasan_report+0x158/0x198
    __asan_report_load4_noabort+0x44/0x50
    regcache_flat_read+0x10c/0x110
    regcache_read+0xf4/0x180
    _regmap_read+0xc4/0x278
    _regmap_update_bits+0x130/0x290
    regmap_update_bits_base+0xc0/0x15c
    snd_soc_component_update_bits+0xa8/0x22c
    snd_soc_component_write_field+0x68/0xd4
    tx_macro_digital_mute+0xec/0x140

    Actually There is no need to have decimator with 32 bits.
    By limiting the variable with short type u8 issue is resolved.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

References

https://git.kernel.org/stable/c/57f9a9a232bde7abfe49c3072b29a255da9ba891

https://git.kernel.org/stable/c/b0cd740a31412340fead50e69e4fe9bc3781c754

https://git.kernel.org/stable/c/da35a4e6eee5d73886312e85322a6e97df901987

https://git.kernel.org/stable/c/e5e7e398f6bb7918dab0612eb6991f7bae95520d