-

CVE-2023-53847

In the Linux kernel, the following vulnerability has been resolved:

usb-storage: alauda: Fix uninit-value in alauda_check_media()

Syzbot got KMSAN to complain about access to an uninitialized value in
the alauda subdriver of usb-storage:

BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0
drivers/usb/storage/alauda.c:1137
CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x191/0x1f0 lib/dump_stack.c:113
  kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
  __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
  alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460

The problem is that alauda_check_media() doesn't verify that its USB
transfer succeeded before trying to use the received data.  What
should happen if the transfer fails isn't entirely clear, but a
reasonably conservative approach is to pretend that no media is
present.

A similar problem exists in a usb_stor_dbg() call in
alauda_get_media_status().  In this case, when an error occurs the
call is redundant, because usb_stor_ctrl_transfer() already will print
a debugging message.

Finally, unrelated to the uninitialized memory access, is the fact
that alauda_check_media() performs DMA to a buffer on the stack.
Fortunately usb-storage provides a general purpose DMA-able buffer for
uses like this.  We'll use it instead.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 153c3e85873cc3e2f387169783c3a227bad9a95a
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < 49d380bcd6cba987c6085fae6464c9c087e8d9a0
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < 044f4446e06bb03c52216697b14867ebc555ad3b
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < fe7c3a445d22783d27fe8bd0521a8aab1eb9da65
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < 7a11d1e2625bdb2346f6586773b20b20977278ac
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < 0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < 373e0ab8c4c516561493f1acf367c7ee7dc053c2
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
Version < a6ff6e7a9dd69364547751db0f626a10a6d628d2
Version e80b0fade09ef1ee67b0898d480d4c588f124d5f
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.16
Status affected
Version < 2.6.16
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.323
Status unaffected
Version <= 4.19.*
Version 4.19.292
Status unaffected
Version <= 5.4.*
Version 5.4.254
Status unaffected
Version <= 5.10.*
Version 5.10.191
Status unaffected
Version <= 5.15.*
Version 5.15.127
Status unaffected
Version <= 6.1.*
Version 6.1.46
Status unaffected
Version <= 6.4.*
Version 6.4.11
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.058
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String