CVE-2023-54072: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 6.3 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix potential data race at PCM memory allocation helpers

The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size.

Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, a

Affected Packages (4 packages)

Linux  linux/linux_kernel  5.6.0  5.10.193  +3
Debian  linux/linux_kernel  < 5.10.197-1  +3
CVEListV5  linux/linux  95b30a4312545f2dde9db12bf6a425f35d5a0d77  7e1d1456c8db9949459c5a24e8845cfe92430b0f  +6
debian  debian/linux  < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA (2025-12-24): GHSA-xx23-73hr-9p64: In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memo
OSV (2025-12-24): CVE-2023-54072: In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory
OSV (2025-12-24): ALSA: pcm: Fix potential data race at PCM memory allocation helpers

📋 Vendor Advisories (2)

Red Hat (2025-12-24): kernel: Linux kernel: Denial of service or memory corruption due to a data race in ALSA PCM memory allocation
Debian (2023): CVE-2023-54072: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: ...

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54072 Impact, Exploitability, and Mitigation Steps | Wiz