CVE-2023-53840

usb: early: xhci-dbc: Fix a potential out-of-bound memory access

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the
string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is
a static variable, in order to avoid troubles, should it happen.

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is a static variable, in order to avoid troubles, should it happen.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-09 CVE Reserved
2025-12-09 CVE Published
2025-12-09 CVE Updated
2026-04-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e8fb0f13e45cf361fd06593d3cb2d89915cd3bd0	2023-03-10
https://git.kernel.org/stable/c/351c8d8650d1ccc006255fa01f98b6c6496a02e5	2023-03-10
https://git.kernel.org/stable/c/df7c8aba7309f4dc55df94e06b67f576c0f52406	2023-03-10
https://git.kernel.org/stable/c/a4a97ab3db5c081eb6e7dba91306adefb461e0bd	2023-01-31

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 5.15.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 5.15.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.1.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.1.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.2.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.2.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.3"		en		Affected