CVE-2023-54096Missing Synchronization in Linux

CWE-820Missing Synchronization7 documents6 sources
Severity
6.1MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for soundwire device to become enumerated on the bus and initialised by their drivers, respectively. The code implementing the signalling is currently broken as it does not signal all current and future waiters and also uses the wrong reinitialisation function, which can potentially lead to memory corruption

Affected Packages4 packages

Linuxlinux/linux_kernel5.7.05.10.190+3
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxfb9469e54fa7a7b6a8137c40ae66c41b8d0ab17548d1d0ce0782f995fda678508fdae35c5e9593f0+5
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54096: In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion2025-12-24
GHSA
GHSA-qr7q-qr63-44c5: In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completio2025-12-24
OSV
soundwire: fix enumeration completion2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel (soundwire): Memory corruption due to incorrect device enumeration completion2025-12-24
Debian
CVE-2023-54096: linux - In the Linux kernel, the following vulnerability has been resolved: soundwire: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54096 Impact, Exploitability, and Mitigation Steps | Wiz