Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54245

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds

When we run syzkaller we get below Out of Bound. "KASAN: slab-out-of-bounds Read in regcache_flat_read"

Below is the backtrace of the issue:

dump_backtrace+0x0/0x4c8
show_stack+0x34/0x44
dump_stack_lvl+0xd8/0x118
print_address_description+0x30/0x2d8
kasan_report+0x158/0x198
__asan_report_load4_noabort+0x44/0x50
regcache_flat_read+0x10c/0x110
regcache_read+0xf4/0x180
_regmap_read+0xc4/0x278
_regmap_update_bits+0x130/0x290
regmap_update_bits_base+0xc0/0x15c
snd_soc_component_update_bits+0xa8/0x22c
snd_soc_component_write_field+0x68/0xd4
tx_macro_digital_mute+0xec/0x140

Actually, there is no need to have decimator with 32 bits. By limiting the variable with short type u8, the issue is resolved.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in Linux kernel ASoC tx-macro driver due to improper variable size; fix by limiting decimator to u8.

Vulnerability

In the Linux kernel's ASoC codecs, the tx-macro driver contains a slab-out-of-bounds read vulnerability. The root cause is that the decimator variable is 32 bits wide when it does not need to be; the fix limits it to the u8 type. The unconstrained value leads to an out-of-bounds access in regcache_flat_read, reached from tx_macro_digital_mute, as reported by KASAN. [1][2]

Exploitation

The issue was discovered using syzkaller, a kernel fuzzer. No special privileges or network access are required; the vulnerability can be triggered by fuzzing the audio subsystem. The attack surface is local, requiring the attacker to interact with the sound card interface.

Impact

An attacker can trigger an out-of-bounds read, potentially causing a kernel crash or information disclosure. KASAN detects the slab-out-of-bounds, indicating memory corruption. The exact impact may vary, but it could lead to denial of service or exposure of sensitive kernel memory.

Mitigation

The fix has been applied in stable kernel commits [1] and [2]. Users should update to the latest stable kernel version containing these patches. No workarounds are available; patching is required.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
