CVE-2023-54308Incomplete Cleanup in Linux

CWE-459Incomplete Cleanup7 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snd_devm_card_new() snd_card_ymfpci_remove() was removed in commit c6e6bb5eab74 ("ALSA: ymfpci: Allocate resources with device-managed APIs"), but the call to snd_card_new() was not replaced with snd_devm_card_new(). Since there was no longer a call to snd_card_free, unloading the module would eventually result in Oops: [697561.532887] BUG: unable to handle page fault for address

Affected Packages4 packages

Linuxlinux/linux_kernel5.15.05.15.106+2
Debianlinux/linux_kernel< 6.1.25-1+2
CVEListV5linux/linuxc6e6bb5eab7457a938c0405d5ccf319d3ee735c195642872c466030240199ba796a40771c493ed0c+4
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

3
OSV
ALSA: ymfpci: Create card with device-managed snd_devm_card_new()2025-12-30
GHSA
GHSA-3j26-wpvv-9xc2: In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snd_devm_card_new() snd_card_ymfpc2025-12-30
OSV
CVE-2023-54308: In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snd_devm_card_new() snd_card_ymfpci_2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: ALSA: ymfpci: Create card with device-managed snd_devm_card_new()2025-12-30
Debian
CVE-2023-54308: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpc...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54308 Impact, Exploitability, and Mitigation Steps | Wiz