CVE-2023-53640
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2026-02-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use_after_free out of bounds When we run syzkaller we get below Out of Bounds error. "KASAN: slab-out-of-bounds Read in regcache_flat_read" Below is the backtrace of the issue: BUG: KASAN: slab-out-of-bounds in regcache_flat_read+0x10c/0x110 Read of size 4 at addr ffffff8088fbf714 by task syz-executor.4/14144 CPU: 6 PID: 14144 Comm: syz-executor.4 Tainted: G W Hardware name: Qualcomm Technologies, Inc. sc7280 CRD platform (rev5+) (DT) Call trace: dump_backtrace+0x0/0x4ec show_stack+0x34/0x50 dump_stack_lvl+0xdc/0x11c print_address_description+0x30/0x2d8 kasan_report+0x178/0x1e4 __asan_report_load4_noabort+0x44/0x50 regcache_flat_read+0x10c/0x110 regcache_read+0xf8/0x5a0 _regmap_read+0x45c/0x86c _regmap_update_bits+0x128/0x290 regmap_update_bits_base+0xc0/0x15c snd_soc_component_update_bits+0xa8/0x22c snd_soc_component_write_field+0x68/0xd4 tx_macro_put_dec_enum+0x1d0/0x268 snd_ctl_elem_write+0x288/0x474 By Error checking and checking valid values issue gets rectifies.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53640
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.4
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free out-of-bounds error in the Linux kernel's ASoC lpass component. It occurs during a read operation in the regcache_flat_read function, causing an out-of-bounds memory access detected by KASAN (Kernel Address Sanitizer). The issue arises from improper error checking and invalid value handling, which has been fixed by adding proper validation to prevent the out-of-bounds read.

Impact Analysis

This vulnerability can lead to a kernel crash or undefined behavior due to out-of-bounds memory access, potentially causing system instability or denial of service. Since it involves a use-after-free error, it might also be exploitable to execute arbitrary code or escalate privileges, depending on the context and attacker capabilities.

Detection Guidance

This vulnerability can be detected by observing KASAN (Kernel Address Sanitizer) slab-out-of-bounds errors in the kernel logs, specifically errors like "KASAN: slab-out-of-bounds Read in regcache_flat_read". Running kernel fuzzing tools such as syzkaller may trigger this error. You can check for such errors by examining the kernel log with commands like `dmesg | grep KASAN` or `journalctl -k | grep KASAN`.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed. The fix involves error checking and validating values in the affected ASoC lpass component to prevent use-after-free and out-of-bounds access. Until an update is applied, monitoring for KASAN errors and avoiding running fuzzing tools like syzkaller on production systems can reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart