-

CVE-2023-53553

In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: avoid struct memcpy overrun warning

A previous patch addressed the fortified memcpy warning for most
builds, but I still see this one with gcc-9:

In file included from include/linux/string.h:254,
                 from drivers/hid/hid-hyperv.c:8:
In function 'fortify_memcpy_chk',
    inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3:
include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
  583 |    __write_overflow_field(p_size_field, size);
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My guess is that the WARN_ON() itself is what confuses gcc, so it no
longer sees that there is a correct range check. Rework the code in a
way that helps readability and avoids the warning.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < a7902cc5f5b9c95997017c8e309da760fb1deb6e
Version 542f25a94471570e2594be5b422b9ca572cf88a1
Status affected
Version < 5f151364b1da6bd217632fd4ee8cc24eaf66a497
Version 542f25a94471570e2594be5b422b9ca572cf88a1
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version 6.2
Status affected
Version < 6.2
Version 0
Status unaffected
Version <= 6.4.*
Version 6.4.5
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.034
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string