CVE-2023-52663

MEDIUM

Linux Kernel - Use-After-Free in ASoC SOF AMD Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec

Patch

https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8

Patch

https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b

Patch

https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 12.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (11)

Linux/Linux < 6.6

Linux/Linux 6.6

Linux/Linux 6.6.23 - 6.6.*

Linux/Linux 6.7.11 - 6.7.*

Linux/Linux 6.8.2 - 6.8.*

Linux/Linux 6.9

Linux/Linux f7da88003c53cf0eedabe609324a047b1921dfcc - 222be59e5eed1554119294edc743ee548c2371d0

Linux/Linux f7da88003c53cf0eedabe609324a047b1921dfcc - 7296152e58858f928db448826eb7ba5ae611297b

Linux/Linux f7da88003c53cf0eedabe609324a047b1921dfcc - 88028c45d5871dfc449b2b0a27abf6428453a5ec

Linux/Linux f7da88003c53cf0eedabe609324a047b1921dfcc - be4760799c6a7c01184467287f0de41e0dd255f8

... and 1 more

Published May 17, 2024

Tracked Since Feb 18, 2026