CVE-2023-52663

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec patch
https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8 patch
https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b patch
https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0 patch

Frequently Asked Questions

What is the severity of CVE-2023-52663?
CVE-2023-52663 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52663?
To fix CVE-2023-52663, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52663 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52663 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52663?
CVE-2023-52663 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.