PT-2024-14744 · Linux+7 · Linux Kernel+7

Niklas Neronin · Published 2023-11-15 · Updated 2025-09-29 · CVE-2023-52781

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to an iteration problem in the usb_get_bos_descriptor() function when skipping the USB_DT_DEVICE_CAPABILITY descriptor type. This results in the same descriptor being read repeatedly. A goto statement is introduced to ensure the pointer and the amount read are updated correctly, allowing the function to iterate to the next descriptor instead of reading the same one repeatedly.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
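The iteration flaw from the Description, shown as an added user-space model; it is not the kernel's code. The buffer layout, the walk() function, its advance_on_skip switch and the exact skip condition are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_DEVICE_CAPABILITY 0x10   /* descriptor type value from the USB spec */

/* Constructed sample: three [bLength, bDescriptorType, payload] entries.
 * The first carries an unexpected type (0x30) and has to be skipped. */
static const uint8_t sample[] = {
    0x03, 0x30, 0xAA,
    0x03, USB_DT_DEVICE_CAPABILITY, 0x02,
    0x03, USB_DT_DEVICE_CAPABILITY, 0x03,
};

/* Walk up to `num` entries and return how many capability entries were
 * processed; *skipped counts skip events. advance_on_skip = 0 models the
 * flawed loop, advance_on_skip = 1 the corrected one (hypothetical switch). */
static int walk(const uint8_t *buf, size_t total, int num,
                int advance_on_skip, int *skipped)
{
    int seen = 0;
    *skipped = 0;
    for (int i = 0; i < num; i++) {
        if (total < 2)
            break;                      /* no room for a descriptor header */
        uint8_t len = buf[0];
        if (len < 2 || len > total)
            break;                      /* malformed length, stop parsing */
        if (buf[1] != USB_DT_DEVICE_CAPABILITY) {
            (*skipped)++;
            if (advance_on_skip)
                goto next;              /* fix: still consume this entry */
            continue;                   /* flaw: buf/total unchanged, entry re-read */
        }
        seen++;
next:
        total -= len;                   /* account for the bytes consumed */
        buf += len;                     /* move to the next descriptor */
    }
    return seen;
}

int main(void)
{
    int s, n = walk(sample, sizeof sample, 3, 0, &s);
    printf("flawed: processed=%d skipped=%d\n", n, s);
    n = walk(sample, sizeof sample, 3, 1, &s);
    printf("fixed:  processed=%d skipped=%d\n", n, s);
    return 0;
}
```

In the flawed mode the loop spends all three iterations on the first entry and never reaches the two valid ones; with the pointer and remaining length updated on the skip path, both are processed.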

Exploit

RCE


Weakness Enumeration

Related Identifiers

ALSA-2024:4211
ALSA-2024:4352
ALSA-2025_16880
BDU:2025-07716
CESA-2024_4211
CESA-2024_4352
CVE-2023-52781
INFSA-2024_4211
INFSA-2024_4352
OESA-2024-1894
OESA-2024-1896
OPENSUSE-SU-2024_2189-1
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024_4211
RHSA-2024_4352
RHSA-2025:10701
RLSA-2024:4211
RLSA-2024:4352
RXSA-2024:4211
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse