VIR Vulnerability Intelligence Relay

CVE-2023-52703

high
Published 2024-11-12 Β· Modified 2024-07-08
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
8.0

Description

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1] With this in mind, let's just not pass act_len to the usb_bulk_msg error paths. 1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path CVSS v3: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10RHSA-2024:43522024-07-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.8.1.el8_10RHSA-2024:42112024-07-02T00:00:00Z Red Hat…

Description

kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

CVSS v3: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10RHSA-2024:43522024-07-08T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-553.8.1.el8_10RHSA-2024:42112024-07-02T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-503.11.1.el9_5RHSA-2024:93152024-11-12T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-503.11.1.el9_5RHSA-2024:93152024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Supportkernel-0:5.14.0-427.70.1.el9_4RHSA-2025:82482025-05-28T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected

Apply commands

bash fix
Apply RHSA-2024:4352 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 9Affected

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
8 Fixed kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 6.1.15-1
sid Fixed 6.1.15-1
forky Fixed 6.1.15-1
bullseye Fixed 5.10.178-1
bookworm Fixed 6.1.15-1
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.