CVE-2023-52655

usb: aqc111: check packet for fixup for true limit

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usb: aqc111: check packet for fixup for true limit

If a device sends a packet that is inbetween 0
and sizeof(u64) the value passed to skb_trim()
as length will wrap around ending up as some very
large value.

The driver will then proceed to parse the header
located at that position, which will either oops or
process some random value.

The fix is to check against sizeof(u64) rather than
0, which the driver currently does. The issue exists
since the introduction of the driver.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: aqc111: verifique el paquete para corregir el límite verdadero Si un dispositivo envía un paquete que está entre 0 y sizeof(u64), el valor pasado a skb_trim() como longitud se ajustará terminando como un valor muy grande. Luego, el controlador procederá a analizar el encabezado ubicado en esa posición, lo que procesará algún valor aleatorio. La solución es compararlo con sizeof(u64) en lugar de 0, como hace actualmente el controlador. El problema existe desde la introducción del controlador.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-05-13 CVE Published
2024-05-14 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204	2023-12-20
https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975	2023-12-20
https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab	2023-12-20
https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd	2023-12-20
https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e	2023-12-20
https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a	2023-11-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.265 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.205 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.205"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.144 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.144"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.69 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.69"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7"		en		Affected