Linux Kernel Vulnerability in ALSA HDA Surround Channel Handling

CVE-2023-53400

What is CVE-2023-53400?

A vulnerability exists in the Linux Kernel's Advanced Linux Sound Architecture (ALSA) subsystem that could lead to buffer overflow when handling 9.1 surround channel names. Specifically, the function get_line_out_pfx() has been identified to trigger an Oops error due to overflow when more than 8 channels are processed. This issue, observed in MacBookPro 12,1 models equipped with Cirrus codecs, necessitated the implementation of a fix to extend support for 9.1 channel configurations appropriately. A workaround has been introduced to unify code paths and incorporate necessary size checks to prevent this type of overflow, thereby enhancing system stability and security.

References