Linux Kernel Vulnerability in ALSA HDA Surround Channel Handling
CVE-2023-53400

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
18 September 2025

What is CVE-2023-53400?

A vulnerability in the Linux kernel's Advanced Linux Sound Architecture (ALSA) subsystem can lead to a buffer overflow when handling 9.1 surround channel names. Specifically, the function get_line_out_pfx() can trigger an Oops due to an overflow when more than 8 channels are processed. The issue was observed on MacBookPro 12,1 models equipped with Cirrus codecs, and it required a fix that extends support to 9.1 channel configurations. A workaround has been introduced that unifies the code paths and adds the necessary size checks to prevent this type of overflow, improving system stability and security.

Affected Version(s)

Linux 247d85ee068610c50d66ee0cd3130e02c69f5f2e < 082dcd51667b29097500c824c37f24da997a6a8a

Linux 247d85ee068610c50d66ee0cd3130e02c69f5f2e

Linux 247d85ee068610c50d66ee0cd3130e02c69f5f2e < 4ef155ddf9578bf035964d58739fdcd7dd44b4a4

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
