5.5
MEDIUM
CVE-2023-52528
"SMSc75xx Uninit-Value Access in Kernel"
Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg

syzbot reported the following uninit-value access issue:

=====================================================
BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
 smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
 usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Local variable ----buf.i87@smsc75xx_bind created at:
 __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
 smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482
 __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
 smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482

This issue is caused because usbnet_read_cmd() reads less bytes than requested (zero byte in the reproducer). In this case, 'buf' is not properly filled.

This patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads less bytes than requested.
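The short-read condition described above can be modelled in user space. This is an added example, not the kernel driver's code or the upstream patch: `mock_read_cmd`, `read_reg_unchecked`, `read_reg_checked`, `device_ready`, `READY_BIT` and the `STALE` constant (standing in for uninitialized stack contents) are all constructed for illustration, and the pre-fix shape is assumed from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define STALE     0xDEADBEEFu /* constructed: stands in for leftover stack bytes */
#define READY_BIT 0x80u       /* hypothetical "device ready" flag */

/* Constructed stand-in for usbnet_read_cmd(): copies the bytes the simulated
 * device supplied (at most `size`) and returns how many were copied. */
static int mock_read_cmd(const uint8_t *dev, int avail, void *buf, int size)
{
    int n = avail < size ? avail : size;
    memcpy(buf, dev, (size_t)n);
    return n;
}

/* Assumed pre-fix shape: only a negative return counts as failure. */
int read_reg_unchecked(const uint8_t *dev, int avail, uint32_t *data)
{
    uint32_t buf = STALE; /* real code: uninitialized local */
    int ret = mock_read_cmd(dev, avail, &buf, sizeof(buf));
    if (ret < 0)
        return ret;
    *data = buf; /* after a short read, bytes the device never sent */
    return 0;
}

/* Fix as described: a short read is reported as -ENODATA. */
int read_reg_checked(const uint8_t *dev, int avail, uint32_t *data)
{
    uint32_t buf = STALE;
    int ret = mock_read_cmd(dev, avail, &buf, sizeof(buf));
    if (ret < 0)
        return ret;
    if (ret < (int)sizeof(buf))
        return -ENODATA;
    *data = buf;
    return 0;
}

/* Caller in the style of a wait-ready check: branches on the register value. */
int device_ready(int (*rd)(const uint8_t *, int, uint32_t *),
                 const uint8_t *dev, int avail)
{
    uint32_t val;
    int ret = rd(dev, avail, &val);
    if (ret < 0)
        return ret;
    return (val & READY_BIT) ? 1 : 0;
}
```

With a zero-byte transfer, the unchecked reader lets the caller branch on data the device never supplied, while the checked reader surfaces the error before the value is used.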

INFO

Published Date: March 2, 2024, 10:15 p.m.
Last Modified: Dec. 11, 2024, 4:27 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8

Affected Products

The following products are affected by CVE-2023-52528 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID  Vendor  Product
1   Linux   linux_kernel


The following table lists the changes that have been made to the CVE-2023-52528 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 11, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-908
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.34 up to (excluding) 4.14.327
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.296
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.258
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.198
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.135
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.57
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.7
      *cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*
    Changed Reference Type https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed No Types Assigned https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed Patch
    Changed Reference Type https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5 No Types Assigned https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5 Patch
    Changed Reference Type https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825 No Types Assigned https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825 Patch
    Changed Reference Type https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4 No Types Assigned https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d No Types Assigned https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d Patch
    Changed Reference Type https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09 No Types Assigned https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09 Patch
    Changed Reference Type https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812 No Types Assigned https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8 No Types Assigned https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8 Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed
    Added Reference https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5
    Added Reference https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825
    Added Reference https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4
    Added Reference https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d
    Added Reference https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09
    Added Reference https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812
    Added Reference https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 02, 2024

    Action Type Old Value New Value
    Added Description (text identical to the Description section above)
    Added Reference Linux https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8 [No types assigned]