CVE-2023-52477: usb: hub: Guard against accesses to uninitialized BOS descriptors
First published: Thu Feb 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb_get_bos_descriptor() fails for whatever reason, udev->bos will be NULL and those accesses will result in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000018 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1> Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021 Workqueue: usb_hub_wq hub_event RIP: 0010:hub_port_reset+0x193/0x788 Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9 RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310 RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840 RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0 Call Trace: hub_event+0x73f/0x156e ? hub_activate+0x5b7/0x68f process_one_work+0x1a2/0x487 worker_thread+0x11a/0x288 kthread+0x13a/0x152 ? process_one_work+0x487/0x487 ? kthread_associate_blkcg+0x70/0x70 ret_from_fork+0x1f/0x30 Fall back to a default behavior if the BOS descriptor isn't accessible and skip all the functionalities that depend on it: LPM support checks, Super Speed capabilitiy checks, U1/U2 states setup.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.14.328 | 4.14.328 |
| redhat/kernel | <4.19.297 | 4.19.297 |
| redhat/kernel | <5.4.259 | 5.4.259 |
| redhat/kernel | <5.10.199 | 5.10.199 |
| redhat/kernel | <5.15.136 | 5.15.136 |
| redhat/kernel | <6.1.59 | 6.1.59 |
| redhat/kernel | <6.5.8 | 6.5.8 |
| redhat/kernel | <6.6 | 6.6 |
| Linux Kernel | <4.14.328 | |
| Linux Kernel | >=4.15<4.19.297 | |
| Linux Kernel | >=4.20<5.4.259 | |
| Linux Kernel | >=5.5<5.10.199 | |
| Linux Kernel | >=5.11<5.15.136 | |
| Linux Kernel | >=5.16<6.1.59 | |
| Linux Kernel | >=6.2<6.5.8 | |
| Linux Kernel | =6.6-rc1 | |
| Linux Kernel | =6.6-rc2 | |
| Linux Kernel | =6.6-rc3 | |
| Linux Kernel | =6.6-rc4 | |
| Linux Kernel | =6.6-rc5 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-52477
- https://lore.kernel.org/linux-cve-announce/2024022921-CVE-2023-52477-6f20@gregkh/T/#u
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2267039
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:3627
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2267038
- https://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81
- https://git.kernel.org/stable/c/8e7346bfea56453e31b7421c1c17ca2fb9ed613d
- https://git.kernel.org/stable/c/6ad3e9fd3632106696692232bf7ff88b9f7e1bc3
- https://git.kernel.org/stable/c/241f230324337ed5eae3846a554fb6d15169872c
- https://git.kernel.org/stable/c/528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b
- https://git.kernel.org/stable/c/fb9895ab9533534335fa83d70344b397ac862c81
- https://git.kernel.org/stable/c/136f69a04e71ba3458d137aec3bb2ce1232c0289
- https://git.kernel.org/stable/c/f74a7afc224acd5e922c7a2e52244d891bbe44ee
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-52477?
CVE-2023-52477 is classified as a high-severity vulnerability that affects the Linux kernel.
How do I fix CVE-2023-52477?
To fix CVE-2023-52477, you should update your Linux kernel to a version that is 4.14.328 or later, 4.19.297 or later, 5.4.259 or later, 5.10.199 or later, 5.15.136 or later, 6.1.59 or later, 6.5.8 or later, or 6.6 or later.
What kind of issues does CVE-2023-52477 cause?
CVE-2023-52477 can lead to potential memory corruption due to uninitialized BOS descriptors being accessed in USB hub drivers.
Which Linux kernel versions are affected by CVE-2023-52477?
CVE-2023-52477 affects Linux kernel versions prior to 4.14.328, between 4.15 and 4.19.297, between 4.20 and 5.4.259, between 5.5 and 5.10.199, between 5.11 and 5.15.136, between 5.16 and 6.1.59, between 6.2 and 6.5.8, and specific release candidates of 6.6.
Is CVE-2023-52477 a remote exploit?
CVE-2023-52477 can potentially be exploited remotely, especially against vulnerable USB devices connected to the affected Linux systems.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-52477
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.6-rc1
- version/linux kernel/6.6-rc2
- version/linux kernel/6.6-rc3
- version/linux kernel/6.6-rc4
- version/linux kernel/6.6-rc5
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2