CVE-2023-53842 in Linuxinfo

Summary

by MITRE • 12/09/2025

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove

The MBHC resources must be released on component probe failure and removal so can not be tied to the lifetime of the component device.

This is specifically needed to allow probe deferrals of the sound card which otherwise fails when reprobing the codec component:

snd-sc8280xp sound: ASoC: failed to instantiate card -517 genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr) wcd938x_codec audio-codec: Failed to request mbhc interrupts -16 wcd938x_codec audio-codec: mbhc initialization failed wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16 snd-sc8280xp sound: ASoC: failed to instantiate card -16

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 03/30/2026

The vulnerability described in CVE-2023-53842 represents a resource management issue within the Linux kernel's Advanced SoC (ASoC) subsystem, specifically affecting the wcd-mbhc-v2 codec driver. This flaw manifests as improper handling of memory and interrupt resources during the component lifecycle, creating a persistent resource leak that can severely impact system stability and audio functionality. The issue occurs within the Wireless Communication Device (WCD) MBHC (Microphone Button Headset Controller) v2 driver implementation, which is critical for proper audio jack detection and button handling in mobile and embedded systems. The root cause lies in the failure to properly release allocated resources when component probe operations encounter failures or when components are removed from the system.

The technical flaw stems from inadequate resource cleanup mechanisms within the ASoC framework where MBHC resources become permanently tied to the component device lifetime rather than being properly managed through explicit release operations. This design defect creates a cascade of failures when the system attempts to reprobe codec components, particularly in scenarios involving probe deferrals where the system must temporarily defer component initialization. The resource leak specifically affects interrupt handling and memory allocation for the MBHC subsystem, causing the system to exhaust available resources and ultimately fail to instantiate audio cards properly. When the wcd938x_codec driver attempts to request MBHC interrupts and fails with error code -16, it triggers a chain reaction that prevents the sound card from being properly initialized, as evidenced by the error messages showing "ASoC: error at snd_soc_component_probe" and "failed to instantiate card -16".

The operational impact of this vulnerability extends beyond simple audio functionality degradation to potentially compromise entire system stability, particularly in mobile platforms where audio jack detection is essential for proper device operation. Systems utilizing the affected sc8280xp sound driver experience complete audio card instantiation failures, preventing users from accessing audio capabilities until the underlying resource leaks are resolved. The issue becomes particularly problematic during system boot processes or when dynamic component reinitialization is required, as the persistent resource leaks prevent proper system recovery and can lead to complete audio subsystem failures. This vulnerability directly impacts device reliability and user experience in mobile and embedded systems where audio functionality is critical for proper operation.

Mitigation strategies for this vulnerability require implementing proper resource management practices within the ASoC subsystem, specifically ensuring that MBHC resources are released during both component probe failures and removal operations. The fix involves modifying the driver code to explicitly manage resource lifetimes independent of component device lifetimes, following established kernel programming practices for resource cleanup. Organizations should update their Linux kernel versions to include the patched implementation that properly handles resource release operations during component probe failures. System administrators should monitor for error messages related to MBHC interrupt requests and audio card instantiation failures, as these indicate potential exposure to the vulnerability. The fix aligns with common weakness enumeration CWE-404, which addresses improper resource release, and follows ATT&CK technique T1547.001 for privilege escalation through kernel-level resource manipulation. This vulnerability demonstrates the critical importance of proper resource management in kernel subsystems and highlights the need for comprehensive testing of component lifecycle operations in embedded audio systems.

Responsible

Linux

Reservation

12/09/2025

Disclosure

12/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00214

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!