CVE-2023-52988

CVE-2023-52988 is an array out-of-bounds access vulnerability in the Linux kernel's ALSA subsystem, specifically affecting the HDA/VIA codec driver in the function add_secret_dac_path(). The issue arises when snd_hda_get_connections() returns a negative error code, which is not properly handled, leading to access of the 'conn' array at a negative index. This flaw, classified under CWE-129 (Improper Validation of Array Index), was identified by the Linux Verification Center (linuxtesting.org) using the SVACE static analysis tool. The vulnerability carries a CVSS v3.1 base score of 7.8.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), as it has local attack vector (AV:L) and unchanged scope (S:U). Successful exploitation could result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data corruption, or system crashes by triggering the affected code path in the ALSA HDA/VIA driver.

Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references. These include fixes such as 1b9256c96220bcdba287eeeb90e7c910c77f8c46, 2b557fa635e7487f638c0f030c305870839eeda2, 437e50ef6290ac835d526d0e45f466a0aa69ba1b, 6e1f586ddec48d71016b81acf68ba9f49ca54db8, and b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa, which add proper error checking to prevent the invalid array access. Security practitioners should ensure systems with vulnerable VIA HD-audio codecs update to patched kernel versions.