PT-2023-9464 · Linux+9 · Linux Kernel+9
Syzbot · Published 2023-10-03 · Updated 2025-09-29 · CVE-2023-52528
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.8.0
Description
The issue is caused by the `usbnet_read_cmd()` function reading fewer bytes than requested, which leaves the `buf` variable only partially filled. This can lead to an uninit-value access in the `smsc75xx_wait_ready` and `smsc75xx_bind` functions. The patch fixes the issue by returning `-ENODATA` if `usbnet_read_cmd()` reads fewer bytes than requested.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the patch "net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg". Specifically, update to a version later than 5.8.0.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.
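The short-read condition from the Description, as an added user-space C example (not kernel code and not the upstream patch). `fake_read_cmd` is a hypothetical stand-in for `usbnet_read_cmd()`, and the device bytes and the `0xDEADBEEF` stale value are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for usbnet_read_cmd(): copies at most `avail`
 * bytes from the simulated device and returns the count transferred. */
static int fake_read_cmd(const uint8_t *dev, int avail, void *data, int size)
{
    int n = avail < size ? avail : size;

    if (n < 0)
        return -EIO;
    memcpy(data, dev, (size_t)n);
    return n;
}

/* Pre-fix pattern: only a negative return is treated as an error, so a
 * short transfer leaves part of buf holding whatever was there before. */
int read_reg_unchecked(const uint8_t *dev, int avail, uint32_t *out)
{
    uint32_t buf = 0xDEADBEEF; /* constructed stand-in for stale stack data */
    int ret = fake_read_cmd(dev, avail, &buf, sizeof(buf));

    if (ret < 0)
        return ret;
    *out = buf; /* may mix device bytes with stale bytes */
    return 0;
}

/* Post-fix pattern described above: a short read becomes -ENODATA and
 * the partially filled buffer is never handed to the caller. */
int read_reg_checked(const uint8_t *dev, int avail, uint32_t *out)
{
    uint32_t buf;
    int ret = fake_read_cmd(dev, avail, &buf, sizeof(buf));

    if (ret < 0)
        return ret;
    if (ret < (int)sizeof(buf))
        return -ENODATA;
    *out = buf;
    return 0;
}
```

In the kernel the stale bytes are uninitialized stack contents, which is what KMSAN reports as an uninit-value access when callers such as `smsc75xx_wait_ready` branch on the result.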
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu