{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53842", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-09T01:27:17.826Z", "datePublished": "2025-12-09T01:30:04.183Z", "dateUpdated": "2025-12-09T01:30:04.183Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T01:30:04.183Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\n\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\n\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\n\n snd-sc8280xp sound: ASoC: failed to instantiate card -517\n genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\n wcd938x_codec audio-codec: Failed to request mbhc interrupts -16\n wcd938x_codec audio-codec: mbhc initialization failed\n wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\n snd-sc8280xp sound: ASoC: failed to instantiate card -16"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/wcd-mbhc-v2.c"], "versions": [{"version": "0e5c9e7ff899808afa4e2b08c2e6ccc469bed681", "lessThan": "90ab6446eb522e31421b77bf8f45714f5668f9a3", "status": "affected", "versionType": "git"}, {"version": "0e5c9e7ff899808afa4e2b08c2e6ccc469bed681", "lessThan": "17feff71d06c96dea1fa72451c20d411e9d5ac8f", "status": "affected", "versionType": "git"}, {"version": "0e5c9e7ff899808afa4e2b08c2e6ccc469bed681", "lessThan": "ce4059e1c0aca972446e06c09ee09a0d2ba5df54", "status": "affected", "versionType": "git"}, {"version": "0e5c9e7ff899808afa4e2b08c2e6ccc469bed681", "lessThan": "a5475829adcc600bc69ee9ff7c9e3e43fb4f8d30", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/wcd-mbhc-v2.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.123", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.42", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.7", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.4.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/90ab6446eb522e31421b77bf8f45714f5668f9a3"}, {"url": "https://git.kernel.org/stable/c/17feff71d06c96dea1fa72451c20d411e9d5ac8f"}, {"url": "https://git.kernel.org/stable/c/ce4059e1c0aca972446e06c09ee09a0d2ba5df54"}, {"url": "https://git.kernel.org/stable/c/a5475829adcc600bc69ee9ff7c9e3e43fb4f8d30"}], "title": "ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\n\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\n\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\n\n snd-sc8280xp sound: ASoC: failed to instantiate card -517\n genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\n wcd938x_codec audio-codec: Failed to request mbhc interrupts -16\n wcd938x_codec audio-codec: mbhc initialization failed\n wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\n snd-sc8280xp sound: ASoC: failed to instantiate card -16"}], "id": "CVE-2023-53842", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T16:17:24.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/17feff71d06c96dea1fa72451c20d411e9d5ac8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/90ab6446eb522e31421b77bf8f45714f5668f9a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a5475829adcc600bc69ee9ff7c9e3e43fb4f8d30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce4059e1c0aca972446e06c09ee09a0d2ba5df54"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove", "id": "2420310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420310"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\nsnd-sc8280xp sound: ASoC: failed to instantiate card -517\ngenirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\nwcd938x_codec audio-codec: Failed to request mbhc interrupts -16\nwcd938x_codec audio-codec: mbhc initialization failed\nwcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\nsnd-sc8280xp sound: ASoC: failed to instantiate card -16"], "name": "CVE-2023-53842", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53842\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53842\nhttps://lore.kernel.org/linux-cve-announce/2025120957-CVE-2023-53842-d1e7@gregkh/T"], "threat_severity": "Low"}