{ "threat_severity" : "Moderate", "public_date" : "2025-12-30T00:00:00Z", "bugzilla" : { "description" : "kernel: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow", "id" : "2426250", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426250" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-911", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsoundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow\nThis reverts commit\n443a98e649b4 (\"soundwire: bus: use pm_runtime_resume_and_get()\")\nChange calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync().\nThis fixes a usage count underrun caused by doing a pm_runtime_put() even\nthough pm_runtime_resume_and_get() returned an error.\nThe three affected functions ignore -EACCES error from trying to get\npm_runtime, and carry on, including a put at the end of the function.\nBut pm_runtime_resume_and_get() does not increment the usage count if it\nreturns an error. So in the -EACCES case you must not call\npm_runtime_put().\nThe documentation for pm_runtime_get_sync() says:\n\"Consider using pm_runtime_resume_and_get() ... as this is likely to\nresult in cleaner code.\"\nIn this case I don't think it results in cleaner code because the\npm_runtime_put() at the end of the function would have to be conditional on\nthe return value from pm_runtime_resume_and_get() at the top of the\nfunction.\npm_runtime_get_sync() doesn't have this problem because it always\nincrements the count, so always needs a put. The code can just flow through\nand do the pm_runtime_put() unconditionally.", "A reference count underflow flaw was found in the Linux kernel's SoundWire bus driver. When pm_runtime_resume_and_get() returns an error (-EACCES), the code continues execution and calls pm_runtime_put() at the end, even though the usage count was never incremented. This causes a usage count underflow in the runtime power management subsystem." ], "statement" : "This affects systems with SoundWire audio hardware. The underflow can cause power management state inconsistencies but typically does not crash the system. The issue occurs only in specific error scenarios during device power state transitions.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54259\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54259\nhttps://lore.kernel.org/linux-cve-announce/2025123057-CVE-2023-54259-64ee@gregkh/T" ], "name" : "CVE-2023-54259", "csaw" : false }