CVE-2023-54096
Improper Signaling in Linux Soundwire Causes Memory Corruption
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's soundwire subsystem. It involves the improper handling of completion structures used to signal when a soundwire device has been enumerated and initialized. The signaling code is broken because it does not notify all current and future waiters and uses the wrong reinitialization function. This can lead to memory corruption if waiters remain on the queue. Additionally, it causes issues with sound card probe deferrals and codec runtime power management, leading to timeouts even when the device is already enumerated.
How can this vulnerability impact me? :
This vulnerability can cause memory corruption in the Linux kernel if there are still waiters on the queue due to improper signaling. It can also disrupt sound card probe deferrals because codec drivers cannot detect that the soundwire device is already attached during reprobe. Furthermore, some codec runtime power management implementations may experience timeouts during resume, even though the device has already been enumerated, potentially affecting system stability and audio functionality.
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch that fixes the soundwire enumeration completion issue to ensure proper signalling and prevent potential memory corruption and probe deferral problems.