CVE-2023-52477— usb: hub: Guard against accesses to uninitialized BOS descriptors
Affected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0cdd49a1d1a483d80170d9e592f832274e8bce1b< c64e4dca9aefd232b17ac4c779b608b286654e81 | affected |
0cdd49a1d1a483d80170d9e592f832274e8bce1b< 8e7346bfea56453e31b7421c1c17ca2fb9ed613d | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< 6ad3e9fd3632106696692232bf7ff88b9f7e1bc3 | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< 241f230324337ed5eae3846a554fb6d15169872c | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< 528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< fb9895ab9533534335fa83d70344b397ac862c81 | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< 136f69a04e71ba3458d137aec3bb2ce1232c0289 | affected | ||
0cdd49a1d1a483d80170d9e592f832274e8bce1b< f74a7afc224acd5e922c7a2e52244d891bbe44ee | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-52477
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
usb: hub: Guard against accesses to uninitialized BOS descriptors
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb_get_bos_descriptor() fails for whatever reason, udev->bos will be NULL and those accesses will result in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000018 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1> Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021 Workqueue: usb_hub_wq hub_event RIP: 0010:hub_port_reset+0x193/0x788 Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9 RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310 RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840 RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0 Call Trace: hub_event+0x73f/0x156e ? hub_activate+0x5b7/0x68f process_one_work+0x1a2/0x487 worker_thread+0x11a/0x288 kthread+0x13a/0x152 ? process_one_work+0x487/0x487 ? kthread_associate_blkcg+0x70/0x70 ret_from_fork+0x1f/0x30 Fall back to a default behavior if the BOS descriptor isn't accessible and skip all the functionalities that depend on it: LPM support checks, Super Speed capabilitiy checks, U1/U2 states setup.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于允许访问未初始化的 BOS 描述符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-52477
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-52477
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-02-29 · 53 CVEs total
| CVE-2021-47020 | soundwire: stream: fix memory leak in stream config error path | |
| CVE-2021-47068 | net/nfc: fix use-after-free llcp_sock_bind/connect | |
| CVE-2021-47067 | soc/tegra: regulators: Fix locking up when voltage-spread is out of range | |
| CVE-2021-47062 | KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs | |
| CVE-2021-47065 | rtw88: Fix array overrun in rtw_get_tx_power_params() | |
| CVE-2021-47064 | mt76: fix potential DMA mapping leak | |
| CVE-2021-47063 | drm: bridge/panel: Cleanup connector on bridge detach | |
| CVE-2021-47066 | async_xor: increase src_offs when dropping destination page | |
| CVE-2021-47055 | mtd: require write permissions for locking and badblock ioctls | |
| CVE-2021-47054 | bus: qcom: Put child node before return | |
| CVE-2021-47056 | crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init | |
| CVE-2021-47016 | m68k: mvme147,mvme16x: Don't wipe PCC timer config bits | |
| CVE-2021-46959 | spi: Fix use-after-free with devm_spi_alloc_* | |
| CVE-2024-26620 | s390/vfio-ap: always filter entire AP matrix | |
| CVE-2024-26619 | riscv: Fix module loading free order | |
| CVE-2024-26618 | arm64/sme: Always exit sme_alloc() early with existing storage | |
| CVE-2024-26617 | fs/proc/task_mmu: move mmu notification mechanism inside mm lock | |
| CVE-2024-26616 | btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned | |
| CVE-2024-26615 | net/smc: fix illegal rmb_desc access in SMC-D connection dump | |
| CVE-2024-26614 | tcp: make sure init the accept_queue's spinlocks once |
Showing top 20 of 53 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2023-52477
No comments yet