PT-2023-9464 · Linux+9 · Linux Kernel+9
Syzbot · Published 2023-10-03 · Updated 2025-09-29 · CVE-2023-52528
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.8.0
Description
The issue is caused by the `usbnet_read_cmd()` function reading fewer bytes than requested, resulting in the `buf` variable not being properly filled. This can lead to an uninit-value access issue in the `smsc75xx_wait_ready` and `smsc75xx_bind` functions. The patch fixes the issue by returning `-ENODATA` if `usbnet_read_cmd()` reads fewer bytes than requested.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the patch for the `net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg` vulnerability. Specifically, update to a version later than 5.8.0.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.
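The short-read condition from the Description, as an added userspace model (not the kernel's code and not the upstream patch). `model_read_cmd`, `read_reg_before`, `read_reg_after` and the `STALE` marker are hypothetical names, and the uninitialized stack bytes are simulated with a fixed fill so the result is deterministic.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for bytes the transfer never wrote */

/* Hypothetical stand-in for usbnet_read_cmd(): the device supplies `avail`
 * bytes (or a negative errno); returns the number of bytes copied. */
static int model_read_cmd(const uint8_t *reply, int avail, uint8_t *data, int size)
{
    if (avail < 0)
        return avail;
    int n = avail < size ? avail : size;
    memcpy(data, reply, (size_t)n);
    return n;
}

static uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Before: only a negative return is treated as failure, so a short
 * transfer hands the caller a value built partly from stale bytes. */
static int read_reg_before(const uint8_t *reply, int avail, uint32_t *val)
{
    uint8_t buf[4];
    memset(buf, STALE, sizeof(buf));  /* models uninitialized stack deterministically */
    int ret = model_read_cmd(reply, avail, buf, (int)sizeof(buf));
    if (ret < 0)
        return ret;
    *val = le32(buf);
    return 0;
}

/* After: fewer bytes than requested is an error (-ENODATA), and *val
 * is never written from a partially filled buffer. */
static int read_reg_after(const uint8_t *reply, int avail, uint32_t *val)
{
    uint8_t buf[4];
    memset(buf, STALE, sizeof(buf));
    int ret = model_read_cmd(reply, avail, buf, (int)sizeof(buf));
    if (ret < (int)sizeof(buf))
        return ret < 0 ? ret : -ENODATA;
    *val = le32(buf);
    return 0;
}
```

The cast to `int` in the length check matters: comparing a negative `ret` against an unsigned `sizeof` would convert it to a large unsigned value and skip the error path.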
Exploit
Fix
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu