VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2023-53842

CVE-2023-53842

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove

The MBHC resources must be released on component probe failure and removal so can not be tied to the lifetime of the component device.

This is specifically needed to allow probe deferrals of the sound card which otherwise fails when reprobing the codec component:

snd-sc8280xp sound: ASoC: failed to instantiate card -517 genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr) wcd938x_codec audio-codec: Failed to request mbhc interrupts -16 wcd938x_codec audio-codec: mbhc initialization failed wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16 snd-sc8280xp sound: ASoC: failed to instantiate card -16

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A resource leak in the Linux kernel's wcd-mbhc-v2 driver causes probe deferral failure and interrupts misconfiguration, fixed by releasing MBHC resources on component removal.

Vulnerability

In the Linux kernel ASoC codecs subsystem, the wcd-mbhc-v2 driver tied MBHC (Multi-Button Headset Control) resources to the lifetime of the component device. This meant that resources were not properly released on component probe failure or removal, leading to stale interrupt registrations and resource leaks.

Exploitation

The vulnerability is triggered during sound card initialization when probe deferrals occur. When the codec component is reprobed, the driver attempts to request interrupts that are still registered from a previous probe attempt. This results in a genirq flags mismatch error: "Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)" [1]. The failure is observed in the kernel log as "Failed to request mbhc interrupts -16" and "mbhc initialization failed", ultimately causing the sound card instantiation to fail with -16 (EBUSY).

Impact

An attacker with local access to trigger reprobe events on affected systems can cause persistent denial of service by preventing the sound card from being instantiated. The error is reproducible by triggering probe deferral of the sound card via snd-sc8280xp driver, which leads to complete loss of audio functionality until the kernel is rebooted.

Mitigation

The fix is included in Linux kernel stable releases via commits [1] and [2]. The patch ensures that MBHC resources are released on component probe failure and removal, decoupling them from the component device lifetime. Users should update to a kernel version containing these commits.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
90ab6446eb52
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
17feff71d06c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ce4059e1c0ac
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a5475829adcc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.