CVE-2023-54072
Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix potential data race at PCM memory allocation helpers
The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size.
Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not possible to allocate unlimitedly. But it's still better to address this for more consistent behavior.
The patch covers the size check in do_alloc_pages() with the card->memory_mutex, and increases the allocated size there for preventing the further overflow. When the actual allocation fails, the size is decreased accordingly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A data race in Linux kernel's ALSA PCM memory allocation helpers allows users to exceed the predefined maximum buffer allocation limit.
Vulnerability
Analysis
CVE-2023-54072 describes a data race in the Linux kernel's ALSA PCM subsystem. The issue resides in the do_alloc_pages() helper, which performs a sanity check against too many buffer allocations. However, this check is executed without holding the proper lock (the proper lock, specifically card->memory_mutex, and the allocation itself is not serialized. This race condition allows a user to allocate more memory than the predefined maximum size, effectively bypassing the intended soft limit.
The attack surface involves unprivileged access to the ALSA PCM interface. The vulnerability can be triggered by a user with the ability to initiate multiple PCM buffer allocations concurrently. The race condition means that the check for total allocated size is evaluated using stale data, allowing new allocations to proceed even when the limit has been reached. No authentication beyond having a user account capable of accessing the sound device is required; the attacker must be able to run code on the system with appropriate permissions to allocate PCM buffers.
In practice, this is considered a soft-limit bypass rather than a severe security issue. The impact is limited because it is not possible to allocate unlimited memory; the system will eventually run out of memory or hit other constraints. However, an attacker could cause excessive memory consumption, potentially leading to denial of service by exhausting memory resources, or cause unexpected behavior in audio subsystems. The kernel lacks proper synchronization, making the limit ineffective in a multithreaded scenario.
The patch fixes the race by covering the size check with the card->memory_mutex and correctly updating the allocated size under lock. On allocation failure, the size is decreased accordingly. The fix has been backported to stable kernel trees, as indicated by commits [1], [2], and [3]. Users are advised to update their kernels to include the patch. No workaround other than applying the kernel update is available, as the issue exists in the core ALSA code.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
67e1d1456c8db7e11c58b2620a0ab49e7a7583eb4e47a94e3773ccad902f6bd55842ed998Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/3eb4e47a94e3f76521d7d344696db61e6a9619c7nvd
- git.kernel.org/stable/c/773ccad902f67583a58b5650a2f8d8daf2e76facnvd
- git.kernel.org/stable/c/7e11c58b2620a22c67a5ae28d64ce383890ee9f4nvd
- git.kernel.org/stable/c/7e1d1456c8db9949459c5a24e8845cfe92430b0fnvd
- git.kernel.org/stable/c/a0ab49e7a758b488b2090171a75d50735c0876f6nvd
- git.kernel.org/stable/c/bd55842ed998a622ba6611fe59b3358c9f76773dnvd
News mentions
0No linked articles in our index yet.