{"id":"CVE-2023-53275","summary":"ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()\n\nThe variable codec-\u003eregmap is often protected by the lock\ncodec-\u003eregmap_lock when is accessed. However, it is accessed without\nholding the lock when is accessed in snd_hdac_regmap_sync():\n\n  if (codec-\u003eregmap)\n\nIn my opinion, this may be a harmful race, because if codec-\u003eregmap is\nset to NULL right after the condition is checked, a null-pointer\ndereference can occur in the called function regcache_sync():\n\n  map-\u003elock(map-\u003elock_arg); --\u003e Line 360 in drivers/base/regmap/regcache.c\n\nTo fix this possible null-pointer dereference caused by data race, the\nmutex_lock coverage is extended to protect the if statement as well as the\nfunction call to regcache_sync().\n\n[ Note: the lack of the regmap_lock itself is harmless for the current\n  codec driver implementations, as snd_hdac_regmap_sync() is only for\n  PM runtime resume that is prohibited during the codec probe.\n  But the change makes the whole code more consistent, so it's merged\n  as is -- tiwai ]","modified":"2026-03-20T12:33:04.843817Z","published":"2025-09-16T08:11:10.475Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53275.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/109f0aaa0b8838a88af9125b79579023539300a7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1f4a08fed450db87fbb5ff5105354158bdbe1a22"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8703b26387e1fa4f8749db98d24c67617b873acb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0eb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b32e40379e5b2814de0c4bc199edc2d82317dc07"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cdd412b528dee6e0851c4735d6676ec138da13a4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53275.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53275"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"69d5dc286d05441ca2f854ae8df11201f6f9b706"},{"fixed":"109f0aaa0b8838a88af9125b79579023539300a7"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1a462be52f4505a2719631fb5aa7bfdbd37bfd8d"},{"fixed":"9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0eb"},{"fixed":"8703b26387e1fa4f8749db98d24c67617b873acb"},{"fixed":"cdd412b528dee6e0851c4735d6676ec138da13a4"},{"fixed":"b32e40379e5b2814de0c4bc199edc2d82317dc07"},{"fixed":"1f4a08fed450db87fbb5ff5105354158bdbe1a22"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53275.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}