CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Read of size 8 at addr ffff88801e78b8c8 by task udevd/5011 CPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351 print_report mm/kasan/report.c:462 [inline] kasan_report+0x11c/0x130 mm/kasan/report.c:572 read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 ... Allocated by task 758: ... __do_kmalloc_node mm/slab_common.c:966 [inline] __kmalloc+0x5e/0x190 mm/slab_common.c:979 kmalloc include/linux/slab.h:563 [inline] kzalloc include/linux/slab.h:680 [inline] usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887 usb_enumerate_device drivers/usb/core/hub.c:2407 [inline] usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545 As analyzed by Khazhy Kumykov, the cause of this bug is a race between read_descriptors() and hub_port_init(): The first routine uses a field in udev->descriptor, not expecting it to change, while the second overwrites it. Prior to commit 45bf39f8df7f ("USB: core: Don't hold device lock while reading the "descriptors" sysfs file") this race couldn't occur, because the routines were mutually exclusive thanks to the device locking. Removing that locking from read_descriptors() exposed it to the race. The best way to fix the bug is to keep hub_port_init() from changing udev->descriptor once udev has been initialized and registered. Drivers expect the descriptors stored in the kernel to be immutable; we should not undermine this expectation. In fact, this change should have been made long ago. So now hub_port_init() will take an additional argument, specifying a buffer in which to store the device descriptor it reads. (If udev has not yet been initialized, the buffer pointer will be NULL and then hub_port_init() will store the device descriptor in udev as before.) This eliminates the data race responsible for the out-of-bounds read. The changes to hub_port_init() appear more extensive than they really are, because of indentation changes resulting from an attempt to avoid writing to other parts of the usb_device structure after it has been initialized. Similar changes should be made to the code that reads the BOS descriptor, but that can be handled in a separate patch later on. This patch is sufficient to fix the bug found by syzbot.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.9%

CVSS Severity

CVSS v3 Score 6.4

References

Products affected by CVE-2023-52886

Linux » Linux Kernel » Version: 5.10.171

cpe:2.3:o:linux:linux_kernel:5.10.171
Linux » Linux Kernel » Version: 5.10.172

cpe:2.3:o:linux:linux_kernel:5.10.172
Linux » Linux Kernel » Version: 5.10.173

cpe:2.3:o:linux:linux_kernel:5.10.173
Linux » Linux Kernel » Version: 5.10.174

cpe:2.3:o:linux:linux_kernel:5.10.174
Linux » Linux Kernel » Version: 5.10.175

cpe:2.3:o:linux:linux_kernel:5.10.175
Linux » Linux Kernel » Version: 5.10.176

cpe:2.3:o:linux:linux_kernel:5.10.176
Linux » Linux Kernel » Version: 5.10.177

cpe:2.3:o:linux:linux_kernel:5.10.177
Linux » Linux Kernel » Version: 5.10.178

cpe:2.3:o:linux:linux_kernel:5.10.178
Linux » Linux Kernel » Version: 5.10.179

cpe:2.3:o:linux:linux_kernel:5.10.179
Linux » Linux Kernel » Version: 5.10.180

cpe:2.3:o:linux:linux_kernel:5.10.180
Linux » Linux Kernel » Version: 5.10.181

cpe:2.3:o:linux:linux_kernel:5.10.181
Linux » Linux Kernel » Version: 5.10.182

cpe:2.3:o:linux:linux_kernel:5.10.182
Linux » Linux Kernel » Version: 5.10.183

cpe:2.3:o:linux:linux_kernel:5.10.183
Linux » Linux Kernel » Version: 5.10.184

cpe:2.3:o:linux:linux_kernel:5.10.184
Linux » Linux Kernel » Version: 5.10.185

cpe:2.3:o:linux:linux_kernel:5.10.185
Linux » Linux Kernel » Version: 5.10.186

cpe:2.3:o:linux:linux_kernel:5.10.186
Linux » Linux Kernel » Version: 5.10.187

cpe:2.3:o:linux:linux_kernel:5.10.187
Linux » Linux Kernel » Version: 5.10.188

cpe:2.3:o:linux:linux_kernel:5.10.188
Linux » Linux Kernel » Version: 5.10.189

cpe:2.3:o:linux:linux_kernel:5.10.189
Linux » Linux Kernel » Version: 5.10.190

cpe:2.3:o:linux:linux_kernel:5.10.190
Linux » Linux Kernel » Version: 5.10.191

cpe:2.3:o:linux:linux_kernel:5.10.191
Linux » Linux Kernel » Version: 5.10.192

cpe:2.3:o:linux:linux_kernel:5.10.192
Linux » Linux Kernel » Version: 5.10.193

cpe:2.3:o:linux:linux_kernel:5.10.193
Linux » Linux Kernel » Version: 5.10.194

cpe:2.3:o:linux:linux_kernel:5.10.194
Linux » Linux Kernel » Version: 5.15.100

cpe:2.3:o:linux:linux_kernel:5.15.100
Linux » Linux Kernel » Version: 5.15.101

cpe:2.3:o:linux:linux_kernel:5.15.101
Linux » Linux Kernel » Version: 5.15.102

cpe:2.3:o:linux:linux_kernel:5.15.102
Linux » Linux Kernel » Version: 5.15.103

cpe:2.3:o:linux:linux_kernel:5.15.103
Linux » Linux Kernel » Version: 5.15.104

cpe:2.3:o:linux:linux_kernel:5.15.104
Linux » Linux Kernel » Version: 5.15.105

cpe:2.3:o:linux:linux_kernel:5.15.105
Linux » Linux Kernel » Version: 5.15.106

cpe:2.3:o:linux:linux_kernel:5.15.106
Linux » Linux Kernel » Version: 5.15.107

cpe:2.3:o:linux:linux_kernel:5.15.107
Linux » Linux Kernel » Version: 5.15.108

cpe:2.3:o:linux:linux_kernel:5.15.108
Linux » Linux Kernel » Version: 5.15.109

cpe:2.3:o:linux:linux_kernel:5.15.109
Linux » Linux Kernel » Version: 5.15.110

cpe:2.3:o:linux:linux_kernel:5.15.110
Linux » Linux Kernel » Version: 5.15.111

cpe:2.3:o:linux:linux_kernel:5.15.111
Linux » Linux Kernel » Version: 5.15.112

cpe:2.3:o:linux:linux_kernel:5.15.112
Linux » Linux Kernel » Version: 5.15.113

cpe:2.3:o:linux:linux_kernel:5.15.113
Linux » Linux Kernel » Version: 5.15.114

cpe:2.3:o:linux:linux_kernel:5.15.114
Linux » Linux Kernel » Version: 5.15.115

cpe:2.3:o:linux:linux_kernel:5.15.115
Linux » Linux Kernel » Version: 5.15.116

cpe:2.3:o:linux:linux_kernel:5.15.116
Linux » Linux Kernel » Version: 5.15.117

cpe:2.3:o:linux:linux_kernel:5.15.117
Linux » Linux Kernel » Version: 5.15.118

cpe:2.3:o:linux:linux_kernel:5.15.118
Linux » Linux Kernel » Version: 5.15.119

cpe:2.3:o:linux:linux_kernel:5.15.119
Linux » Linux Kernel » Version: 5.15.120

cpe:2.3:o:linux:linux_kernel:5.15.120
Linux » Linux Kernel » Version: 5.15.121

cpe:2.3:o:linux:linux_kernel:5.15.121
Linux » Linux Kernel » Version: 5.15.122

cpe:2.3:o:linux:linux_kernel:5.15.122
Linux » Linux Kernel » Version: 5.15.123

cpe:2.3:o:linux:linux_kernel:5.15.123
Linux » Linux Kernel » Version: 5.15.124

cpe:2.3:o:linux:linux_kernel:5.15.124
Linux » Linux Kernel » Version: 5.15.125

cpe:2.3:o:linux:linux_kernel:5.15.125
Linux » Linux Kernel » Version: 5.15.126

cpe:2.3:o:linux:linux_kernel:5.15.126
Linux » Linux Kernel » Version: 5.15.127

cpe:2.3:o:linux:linux_kernel:5.15.127
Linux » Linux Kernel » Version: 5.15.128

cpe:2.3:o:linux:linux_kernel:5.15.128
Linux » Linux Kernel » Version: 5.15.129

cpe:2.3:o:linux:linux_kernel:5.15.129
Linux » Linux Kernel » Version: 5.15.130

cpe:2.3:o:linux:linux_kernel:5.15.130
Linux » Linux Kernel » Version: 5.15.131

cpe:2.3:o:linux:linux_kernel:5.15.131
Linux » Linux Kernel » Version: 5.15.97

cpe:2.3:o:linux:linux_kernel:5.15.97
Linux » Linux Kernel » Version: 5.15.98

cpe:2.3:o:linux:linux_kernel:5.15.98
Linux » Linux Kernel » Version: 5.15.99

cpe:2.3:o:linux:linux_kernel:5.15.99
Linux » Linux Kernel » Version: 6.1.15

cpe:2.3:o:linux:linux_kernel:6.1.15
Linux » Linux Kernel » Version: 6.1.16

cpe:2.3:o:linux:linux_kernel:6.1.16
Linux » Linux Kernel » Version: 6.1.17

cpe:2.3:o:linux:linux_kernel:6.1.17
Linux » Linux Kernel » Version: 6.1.18

cpe:2.3:o:linux:linux_kernel:6.1.18
Linux » Linux Kernel » Version: 6.1.19

cpe:2.3:o:linux:linux_kernel:6.1.19
Linux » Linux Kernel » Version: 6.1.20

cpe:2.3:o:linux:linux_kernel:6.1.20
Linux » Linux Kernel » Version: 6.1.21

cpe:2.3:o:linux:linux_kernel:6.1.21
Linux » Linux Kernel » Version: 6.1.22

cpe:2.3:o:linux:linux_kernel:6.1.22
Linux » Linux Kernel » Version: 6.1.23

cpe:2.3:o:linux:linux_kernel:6.1.23
Linux » Linux Kernel » Version: 6.1.24

cpe:2.3:o:linux:linux_kernel:6.1.24
Linux » Linux Kernel » Version: 6.1.25

cpe:2.3:o:linux:linux_kernel:6.1.25
Linux » Linux Kernel » Version: 6.1.26

cpe:2.3:o:linux:linux_kernel:6.1.26
Linux » Linux Kernel » Version: 6.1.27

cpe:2.3:o:linux:linux_kernel:6.1.27
Linux » Linux Kernel » Version: 6.1.28

cpe:2.3:o:linux:linux_kernel:6.1.28
Linux » Linux Kernel » Version: 6.1.29

cpe:2.3:o:linux:linux_kernel:6.1.29
Linux » Linux Kernel » Version: 6.1.30

cpe:2.3:o:linux:linux_kernel:6.1.30
Linux » Linux Kernel » Version: 6.1.31

cpe:2.3:o:linux:linux_kernel:6.1.31
Linux » Linux Kernel » Version: 6.1.32

cpe:2.3:o:linux:linux_kernel:6.1.32
Linux » Linux Kernel » Version: 6.1.33

cpe:2.3:o:linux:linux_kernel:6.1.33
Linux » Linux Kernel » Version: 6.1.34

cpe:2.3:o:linux:linux_kernel:6.1.34
Linux » Linux Kernel » Version: 6.1.35

cpe:2.3:o:linux:linux_kernel:6.1.35
Linux » Linux Kernel » Version: 6.1.36

cpe:2.3:o:linux:linux_kernel:6.1.36
Linux » Linux Kernel » Version: 6.1.37

cpe:2.3:o:linux:linux_kernel:6.1.37
Linux » Linux Kernel » Version: 6.1.38

cpe:2.3:o:linux:linux_kernel:6.1.38
Linux » Linux Kernel » Version: 6.1.39

cpe:2.3:o:linux:linux_kernel:6.1.39
Linux » Linux Kernel » Version: 6.1.40

cpe:2.3:o:linux:linux_kernel:6.1.40
Linux » Linux Kernel » Version: 6.1.41

cpe:2.3:o:linux:linux_kernel:6.1.41
Linux » Linux Kernel » Version: 6.1.42

cpe:2.3:o:linux:linux_kernel:6.1.42
Linux » Linux Kernel » Version: 6.1.43

cpe:2.3:o:linux:linux_kernel:6.1.43
Linux » Linux Kernel » Version: 6.1.44

cpe:2.3:o:linux:linux_kernel:6.1.44
Linux » Linux Kernel » Version: 6.1.45

cpe:2.3:o:linux:linux_kernel:6.1.45
Linux » Linux Kernel » Version: 6.1.46

cpe:2.3:o:linux:linux_kernel:6.1.46
Linux » Linux Kernel » Version: 6.1.47

cpe:2.3:o:linux:linux_kernel:6.1.47
Linux » Linux Kernel » Version: 6.1.48

cpe:2.3:o:linux:linux_kernel:6.1.48
Linux » Linux Kernel » Version: 6.1.49

cpe:2.3:o:linux:linux_kernel:6.1.49
Linux » Linux Kernel » Version: 6.1.50

cpe:2.3:o:linux:linux_kernel:6.1.50
Linux » Linux Kernel » Version: 6.1.51

cpe:2.3:o:linux:linux_kernel:6.1.51
Linux » Linux Kernel » Version: 6.1.52

cpe:2.3:o:linux:linux_kernel:6.1.52
Linux » Linux Kernel » Version: 6.3

cpe:2.3:o:linux:linux_kernel:6.3
Linux » Linux Kernel » Version: 6.3.1

cpe:2.3:o:linux:linux_kernel:6.3.1
Linux » Linux Kernel » Version: 6.3.10

cpe:2.3:o:linux:linux_kernel:6.3.10
Linux » Linux Kernel » Version: 6.3.11

cpe:2.3:o:linux:linux_kernel:6.3.11
Linux » Linux Kernel » Version: 6.3.12

cpe:2.3:o:linux:linux_kernel:6.3.12
Linux » Linux Kernel » Version: 6.3.13

cpe:2.3:o:linux:linux_kernel:6.3.13
Linux » Linux Kernel » Version: 6.3.2

cpe:2.3:o:linux:linux_kernel:6.3.2
Linux » Linux Kernel » Version: 6.3.3

cpe:2.3:o:linux:linux_kernel:6.3.3
Linux » Linux Kernel » Version: 6.3.4

cpe:2.3:o:linux:linux_kernel:6.3.4
Linux » Linux Kernel » Version: 6.3.5

cpe:2.3:o:linux:linux_kernel:6.3.5
Linux » Linux Kernel » Version: 6.3.6

cpe:2.3:o:linux:linux_kernel:6.3.6
Linux » Linux Kernel » Version: 6.3.7

cpe:2.3:o:linux:linux_kernel:6.3.7
Linux » Linux Kernel » Version: 6.3.8

cpe:2.3:o:linux:linux_kernel:6.3.8
Linux » Linux Kernel » Version: 6.3.9

cpe:2.3:o:linux:linux_kernel:6.3.9
Linux » Linux Kernel » Version: 6.4

cpe:2.3:o:linux:linux_kernel:6.4
Linux » Linux Kernel » Version: 6.4.1

cpe:2.3:o:linux:linux_kernel:6.4.1
Linux » Linux Kernel » Version: 6.4.10

cpe:2.3:o:linux:linux_kernel:6.4.10
Linux » Linux Kernel » Version: 6.4.11

cpe:2.3:o:linux:linux_kernel:6.4.11
Linux » Linux Kernel » Version: 6.4.12

cpe:2.3:o:linux:linux_kernel:6.4.12
Linux » Linux Kernel » Version: 6.4.13

cpe:2.3:o:linux:linux_kernel:6.4.13
Linux » Linux Kernel » Version: 6.4.14

cpe:2.3:o:linux:linux_kernel:6.4.14
Linux » Linux Kernel » Version: 6.4.15

cpe:2.3:o:linux:linux_kernel:6.4.15
Linux » Linux Kernel » Version: 6.4.2

cpe:2.3:o:linux:linux_kernel:6.4.2
Linux » Linux Kernel » Version: 6.4.3

cpe:2.3:o:linux:linux_kernel:6.4.3
Linux » Linux Kernel » Version: 6.4.4

cpe:2.3:o:linux:linux_kernel:6.4.4
Linux » Linux Kernel » Version: 6.4.5

cpe:2.3:o:linux:linux_kernel:6.4.5
Linux » Linux Kernel » Version: 6.4.6

cpe:2.3:o:linux:linux_kernel:6.4.6
Linux » Linux Kernel » Version: 6.4.7

cpe:2.3:o:linux:linux_kernel:6.4.7
Linux » Linux Kernel » Version: 6.4.8

cpe:2.3:o:linux:linux_kernel:6.4.8
Linux » Linux Kernel » Version: 6.4.9

cpe:2.3:o:linux:linux_kernel:6.4.9
Linux » Linux Kernel » Version: 6.5

cpe:2.3:o:linux:linux_kernel:6.5
Linux » Linux Kernel » Version: 6.5.1

cpe:2.3:o:linux:linux_kernel:6.5.1
Linux » Linux Kernel » Version: 6.5.2

cpe:2.3:o:linux:linux_kernel:6.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52886

Products

Pricing

Contact Us