CVE-2023-54072
Unknown Unknown - Not Provided
Race Condition in Linux ALSA PCM Memory Allocation Helpers

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size. Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not possible to allocate unlimitedly. But it's still better to address this for more consistent behavior. The patch covers the size check in do_alloc_pages() with the card->memory_mutex, and increases the allocated size there for preventing the further overflow. When the actual allocation fails, the size is decreased accordingly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54072
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's ALSA PCM memory allocation helpers. There is a potential data race because the sanity check against too many buffer allocations is done without proper locking, allowing a user to allocate more memory than the predefined maximum size. Although this is more of a soft limit and does not allow unlimited allocation, it can cause inconsistent behavior. The fix involves adding proper locking with a mutex to serialize allocations and adjusting the allocated size to prevent overflow.

Impact Analysis

The impact of this vulnerability is relatively minor since it only allows allocation beyond a soft limit rather than unlimited memory allocation. However, it can lead to inconsistent behavior in memory allocation for PCM buffers, which might affect system stability or reliability in audio processing scenarios.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the patch fixing the ALSA PCM memory allocation helpers to ensure proper locking and serialized allocation. This will prevent potential data races and inconsistent behavior related to PCM memory allocation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart