{ "threat_severity" : "Low", "public_date" : "2025-12-09T00:00:00Z", "bugzilla" : { "description" : "kernel: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove", "id" : "2420310", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420310" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\nsnd-sc8280xp sound: ASoC: failed to instantiate card -517\ngenirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\nwcd938x_codec audio-codec: Failed to request mbhc interrupts -16\nwcd938x_codec audio-codec: mbhc initialization failed\nwcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\nsnd-sc8280xp sound: ASoC: failed to instantiate card -16", "A resource leak was found in the WCD MBHC v2 audio codec driver in the Linux kernel. MBHC resources are not properly released on component probe failure or removal, causing interrupt request failures and preventing successful reprobing of the codec component. This leads to sound card initialization failures after probe deferrals." ], "statement" : "This issue affects Qualcomm WCD audio codec hardware found in specific ARM-based platforms. Standard x86 server and desktop systems do not include this hardware and are unaffected.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53842\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53842\nhttps://lore.kernel.org/linux-cve-announce/2025120957-CVE-2023-53842-d1e7@gregkh/T" ], "name" : "CVE-2023-53842", "csaw" : false }