Linux Kernel up to 6.1.10 ipc4-mtrace sof_ipc4_priority_mask_dfs_write data authenticity

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.10. Impacted is the function sof_ipc4_priority_mask_dfs_write of the component ipc4-mtrace. Manipulation can lead to a data authenticity issue.
This vulnerability appears as CVE-2023-52987. There is no available exploit.
Upgrading the affected component is recommended.
Details
A vulnerability was found in Linux Kernel up to 6.1.10. It has been declared as problematic. This vulnerability affects the function sof_ipc4_priority_mask_dfs_write of the component ipc4-mtrace. The manipulation with an unknown input leads to a data authenticity vulnerability. The CWE definition for the vulnerability is CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. The impact remains unknown. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write() The "id" comes from the user. Change the type to unsigned to prevent an array underflow.
The advisory is shared for download at git.kernel.org. This vulnerability was named CVE-2023-52987 since 03/27/2025. The exploitation appears to be difficult. There are known technical details, but no exploit is available.
Upgrading to version 6.1.11 eliminates this vulnerability. Applying the patch d52f34784e4e2f6e77671a9f104d8a69a3b5d24c/ea57680af47587397f5005d7758022441ed66d54 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-0649). VulDB is the best source for vulnerability data and more expert information about this specific topic.
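The following user-space model is an added example, not the kernel's code and not taken from the advisory. It shows why a signed "id" that is only compared against an upper bound lets a negative value through, and why changing the type to unsigned closes that gap. The function names, the "id,0xmask" input format and the table size of 16 are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_LIBS 16                      /* assumed table size for this model */
static unsigned int masks[MAX_LIBS];     /* stands in for the per-id mask table */

/* Pre-fix pattern: "id" is signed and only the upper bound is tested.
 * Returns 1 if the input would reach the array store, 0 if rejected.
 * The store itself is omitted so this model never writes out of bounds. */
static int old_check_accepts(const char *buf)
{
    int id;
    unsigned int mask;

    if (sscanf(buf, "%d,0x%x", &id, &mask) != 2)
        return 0;
    if (id >= MAX_LIBS)                  /* -1 >= 16 is false: negative id passes */
        return 0;
    return 1;                            /* masks[id] = mask would run here */
}

/* Post-fix pattern: "id" is unsigned, so a negative input wraps to a huge
 * value and the same single comparison rejects it. Returns 0 or -1. */
static int fixed_write(const char *buf)
{
    unsigned int id, mask;

    if (sscanf(buf, "%u,0x%x", &id, &mask) != 2)
        return -1;
    if (id >= MAX_LIBS)
        return -1;
    masks[id] = mask;
    return 0;
}

int main(void)
{
    const char *samples[] = { "3,0xff", "-1,0xff", "16,0xff" };  /* constructed */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s old check accepts=%d  fixed write=%d\n", samples[i],
               old_check_accepts(samples[i]), fixed_write(samples[i]));
    return 0;
}
```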
Affected
- Google Container-Optimized OS
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- SUSE openSUSE
- Dell Avamar
- Open Source Linux Kernel
- SolarWinds Security Event Manager
- Dell NetWorker
- Dell Secure Connect Gateway
Product
Website
- Vendor: https://www.kernel.org/
CVSSv3
VulDB Meta Base Score: 6.2
VulDB Meta Temp Score: 6.1
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
NVD Base Score: 7.8
Exploiting
Class: Data authenticity
CWE: CWE-345
Physical: Partially
Local: Yes
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Kernel 6.1.11
Patch: d52f34784e4e2f6e77671a9f104d8a69a3b5d24c/ea57680af47587397f5005d7758022441ed66d54
Timeline
03/27/2025
03/27/2025
03/27/2025
12/07/2025
Sources
Vendor: kernel.org
Advisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-52987
GCVE (CVE): GCVE-0-2023-52987
GCVE (VulDB): GCVE-100-301768
CERT Bund: WID-SEC-2025-0649 - Linux Kernel: Multiple Vulnerabilities
Entry
Created: 03/27/2025 18:53
Updated: 12/07/2025 05:32
Changes: 03/27/2025 18:53 (58), 08/24/2025 10:08 (7), 10/29/2025 20:26 (12), 12/07/2025 05:32 (1)