What is the severity of CVE-2023-52703?

CVE-2023-52703 is classified as a moderate severity vulnerability in the Linux kernel.

How do I fix CVE-2023-52703?

To fix CVE-2023-52703, update to the patched kernel versions: 4.14.306, 4.19.273, 5.4.232, 5.10.169, 5.15.95, 6.1.13, or 6.2.

What systems are affected by CVE-2023-52703?

CVE-2023-52703 affects various versions of the Linux kernel and specific IBM Security Verify Governance products.

Is CVE-2023-52703 exploited in the wild?

There is currently no public information indicating that CVE-2023-52703 is being actively exploited in the wild.

Who reported CVE-2023-52703?

CVE-2023-52703 was reported by syzbot, a tool for detecting bugs in the Linux kernel.

Vulnerability/
CVE-2023-52703

low

3.3

21/5/2024

9/4/2025

CVE-2023-52703: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

First published: Tue May 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1] With this in mind, let's just not pass act_len to the usb_bulk_msg error paths. 1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
redhat/kernel	<4.14.306	4.14.306
redhat/kernel	<4.19.273	4.19.273
redhat/kernel	<5.4.232	5.4.232
redhat/kernel	<5.10.169	5.10.169
redhat/kernel	<5.15.95	5.15.95
redhat/kernel	<6.1.13	6.1.13
redhat/kernel	<6.2	6.2
IBM Security Verify Governance - Identity Manager	<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack	<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance	<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container	<=ISVG 10.0.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7230443

Frequently Asked Questions

What is the severity of CVE-2023-52703?
CVE-2023-52703 is classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2023-52703?
To fix CVE-2023-52703, update to the patched kernel versions: 4.14.306, 4.19.273, 5.4.232, 5.10.169, 5.15.95, 6.1.13, or 6.2.
What systems are affected by CVE-2023-52703?
CVE-2023-52703 affects various versions of the Linux kernel and specific IBM Security Verify Governance products.
Is CVE-2023-52703 exploited in the wild?
There is currently no public information indicating that CVE-2023-52703 is being actively exploited in the wild.
Who reported CVE-2023-52703?
CVE-2023-52703 was reported by syzbot, a tool for detecting bugs in the Linux kernel.

agent/title
agent/first-publish-date
agent/type
agent/author
collector/nvd-api
source/NVD
agent/severity
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-52703
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/description
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup-request
package-manager/redhat
vendor/ibm
canonical/ibm security verify governance - identity manager
version/ibm security verify governance - identity manager/isvg 10.0.2
canonical/ibm security verify governance, identity manager software stack
version/ibm security verify governance, identity manager software stack/isvg 10.0.2
canonical/ibm security verify governance, identity manager virtual appliance
version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
canonical/ibm security verify governance identity manager container
version/ibm security verify governance identity manager container/isvg 10.0.2