Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52477

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
29/02/2024
Last modified:
09/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: hub: Guard against accesses to uninitialized BOS descriptors<br /> <br /> Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h<br /> access fields inside udev-&gt;bos without checking if it was allocated and<br /> initialized. If usb_get_bos_descriptor() fails for whatever<br /> reason, udev-&gt;bos will be NULL and those accesses will result in a<br /> crash:<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000018<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <br /> Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021<br /> Workqueue: usb_hub_wq hub_event<br /> RIP: 0010:hub_port_reset+0x193/0x788<br /> Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9<br /> RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310<br /> RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840<br /> RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060<br /> R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000<br /> R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000<br /> FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0<br /> Call Trace:<br /> hub_event+0x73f/0x156e<br /> ? hub_activate+0x5b7/0x68f<br /> process_one_work+0x1a2/0x487<br /> worker_thread+0x11a/0x288<br /> kthread+0x13a/0x152<br /> ? process_one_work+0x487/0x487<br /> ? kthread_associate_blkcg+0x70/0x70<br /> ret_from_fork+0x1f/0x30<br /> <br /> Fall back to a default behavior if the BOS descriptor isn&amp;#39;t accessible<br /> and skip all the functionalities that depend on it: LPM support checks,<br /> Super Speed capabilitiy checks, U1/U2 states setup.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14.328 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.297 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.259 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.199 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.136 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.59 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.5.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools