CVE-2023-54259
Unknown Unknown - Not Provided
Use-After-Free in Linux Soundwire pm_runtime Reference Counting

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()") Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This fixes a usage count underrun caused by doing a pm_runtime_put() even though pm_runtime_resume_and_get() returned an error. The three affected functions ignore -EACCES error from trying to get pm_runtime, and carry on, including a put at the end of the function. But pm_runtime_resume_and_get() does not increment the usage count if it returns an error. So in the -EACCES case you must not call pm_runtime_put(). The documentation for pm_runtime_get_sync() says: "Consider using pm_runtime_resume_and_get() ... as this is likely to result in cleaner code." In this case I don't think it results in cleaner code because the pm_runtime_put() at the end of the function would have to be conditional on the return value from pm_runtime_resume_and_get() at the top of the function. pm_runtime_get_sync() doesn't have this problem because it always increments the count, so always needs a put. The code can just flow through and do the pm_runtime_put() unconditionally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54259
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's soundwire bus code involves an unbalanced call to pm_runtime_put(), which causes a usage count underflow. Specifically, the code was changed to use pm_runtime_resume_and_get(), but this function does not increment the usage count if it returns an error (such as -EACCES). Despite this, the code still calls pm_runtime_put() unconditionally, leading to an underflow of the usage count. The fix reverts to using pm_runtime_get_sync(), which always increments the usage count and thus requires a matching pm_runtime_put(), preventing the underflow.

Impact Analysis

The impact of this vulnerability is that the usage count underflow caused by unbalanced pm_runtime_put() calls can lead to incorrect power management behavior in the soundwire bus subsystem of the Linux kernel. This could potentially cause system instability or unexpected device power state changes, affecting system reliability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the soundwire bus code has been fixed by reverting the use of pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This prevents the usage count underflow caused by unbalanced pm_runtime_put() calls. Applying the patch or kernel update that addresses this issue is the immediate step to take.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart