CVE-2023-52655 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. The driver will then proceed to parse the header located at that position, which will either oops or process some random value. The fix is to check against sizeof(u64) rather than 0, which the driver currently does. The issue exists since the introduction of the driver.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e
https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab
https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd
https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204
https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a
https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975
https://lore.kernel.org/linux-cve-announce/2024051307-CVE-2023-52655-3f94@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52655
https://www.cve.org/CVERecord?id=CVE-2023-52655

History

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Sep 2024 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-467

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-13T10:20:01.160Z

Updated: 2024-11-04T14:50:32.775Z

Reserved: 2024-03-06T09:52:12.099Z

Link: CVE-2023-52655

Vulnrichment

Updated: 2024-08-02T23:03:21.350Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T14:23:13.467

Modified: 2024-05-14T16:13:02.773

Link: CVE-2023-52655

Redhat

Severity : Moderate

Publid Date: 2024-05-13T00:00:00Z

Links: CVE-2023-52655 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52655", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.099Z", "datePublished": "2024-05-13T10:20:01.160Z", "dateUpdated": "2024-11-04T14:50:32.775Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:32.775Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aqc111: check packet for fixup for true limit\n\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\n\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\n\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/aqc111.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "84f2e5b3e70f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d69581c17608", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "46412b2fb1f9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "82c386d73689", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2ebf775f0541", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ccab434e674c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/aqc111.c"], "versions": [{"version": "5.4.265", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.205", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.144", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.69", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.8", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204"}, {"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975"}, {"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab"}, {"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd"}, {"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e"}, {"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a"}], "title": "usb: aqc111: check packet for fixup for true limit", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T15:30:22.988922Z", "id": "CVE-2023-52655", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:30:31.492Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.350Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.350Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T15:30:22.988922Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:30:28.166Z"}}], "cna": {"title": "usb: aqc111: check packet for fixup for true limit", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "84f2e5b3e70f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d69581c17608", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "46412b2fb1f9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "82c386d73689", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2ebf775f0541", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ccab434e674c", "versionType": "git"}], "programFiles": ["drivers/net/usb/aqc111.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.265", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.205", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.144", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.69", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.8", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/usb/aqc111.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204"}, {"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975"}, {"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab"}, {"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd"}, {"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e"}, {"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aqc111: check packet for fixup for true limit\n\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\n\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\n\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:32.775Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52655", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:50:32.775Z", "dateReserved": "2024-03-06T09:52:12.099Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-13T10:20:01.160Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aqc111: check packet for fixup for true limit\n\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\n\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\n\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: usb: aqc111: verifique el paquete para corregir el l\u00edmite verdadero Si un dispositivo env\u00eda un paquete que est\u00e1 entre 0 y sizeof(u64), el valor pasado a skb_trim() como longitud se ajustar\u00e1 terminando como un valor muy grande. Luego, el controlador proceder\u00e1 a analizar el encabezado ubicado en esa posici\u00f3n, lo que procesar\u00e1 alg\u00fan valor aleatorio. La soluci\u00f3n es compararlo con sizeof(u64) en lugar de 0, como hace actualmente el controlador. El problema existe desde la introducci\u00f3n del controlador."}], "id": "CVE-2023-52655", "lastModified": "2024-05-14T16:13:02.773", "metrics": {}, "published": "2024-05-14T14:23:13.467", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: usb: aqc111: check packet for fixup for true limit", "id": "2280452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280452"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-467", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: aqc111: check packet for fixup for true limit\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver.", "A vulnerability was found in the Linux kernel's `usb: aqc111` driver. The issue involves inadequate packet handling, which could lead to incorrect limit enforcement."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52655", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52655\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52655\nhttps://lore.kernel.org/linux-cve-announce/2024051307-CVE-2023-52655-3f94@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.265, kernel 5.10.205, kernel 5.15.144, kernel 6.1.69, kernel 6.6.8, kernel 6.7"}