#VU116779 NULL pointer dereference in Linux kernel - CVE-2023-53648
Published: October 8, 2025 / Updated: October 26, 2025
Vulnerability identifier: #VU116779
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53648
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_ac97_mixer() function in sound/pci/ac97/ac97_codec.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/09baf460dfba79ee6a0c72e68ccdbbba84d894df
- https://git.kernel.org/stable/c/228da1fa124470606ac19783e551f9d51a1e01b0
- https://git.kernel.org/stable/c/300e26e3e64880de5013eac8831cf44387ef752c
- https://git.kernel.org/stable/c/5f13d67027fa782096e6aee0db5dce61c4aeb613
- https://git.kernel.org/stable/c/79597c8bf64ca99eab385115743131d260339da5
- https://git.kernel.org/stable/c/809af7bb4219bdeef0dbb8b2ed700d6516d13fe9
- https://git.kernel.org/stable/c/d28b83252e150155b8b8c65b612c555e93c8b45f
- https://git.kernel.org/stable/c/e4cccff1e7ab6ea30995b6fbbb007d02647e025c
- https://git.kernel.org/stable/c/f923a582217b198b557756809ffe42ac0fad6adb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188