lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025120959-CVE-2023-53847-1f94@gregkh>
Date: Tue,  9 Dec 2025 10:31:31 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53847: usb-storage: alauda: Fix uninit-value in alauda_check_media()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

usb-storage: alauda: Fix uninit-value in alauda_check_media()

Syzbot got KMSAN to complain about access to an uninitialized value in
the alauda subdriver of usb-storage:

BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0
drivers/usb/storage/alauda.c:1137
CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x191/0x1f0 lib/dump_stack.c:113
  kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
  __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
  alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460

The problem is that alauda_check_media() doesn't verify that its USB
transfer succeeded before trying to use the received data.  What
should happen if the transfer fails isn't entirely clear, but a
reasonably conservative approach is to pretend that no media is
present.

A similar problem exists in a usb_stor_dbg() call in
alauda_get_media_status().  In this case, when an error occurs the
call is redundant, because usb_stor_ctrl_transfer() already will print
a debugging message.

Finally, unrelated to the uninitialized memory access, is the fact
that alauda_check_media() performs DMA to a buffer on the stack.
Fortunately usb-storage provides a general purpose DMA-able buffer for
uses like this.  We'll use it instead.

The Linux kernel CVE team has assigned CVE-2023-53847 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 4.14.323 with commit 153c3e85873cc3e2f387169783c3a227bad9a95a
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 4.19.292 with commit 49d380bcd6cba987c6085fae6464c9c087e8d9a0
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 5.4.254 with commit 044f4446e06bb03c52216697b14867ebc555ad3b
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 5.10.191 with commit fe7c3a445d22783d27fe8bd0521a8aab1eb9da65
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 5.15.127 with commit 7a11d1e2625bdb2346f6586773b20b20977278ac
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 6.1.46 with commit 0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 6.4.11 with commit 373e0ab8c4c516561493f1acf367c7ee7dc053c2
	Issue introduced in 2.6.16 with commit e80b0fade09ef1ee67b0898d480d4c588f124d5f and fixed in 6.5 with commit a6ff6e7a9dd69364547751db0f626a10a6d628d2

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53847
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/usb/storage/alauda.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/153c3e85873cc3e2f387169783c3a227bad9a95a
	https://git.kernel.org/stable/c/49d380bcd6cba987c6085fae6464c9c087e8d9a0
	https://git.kernel.org/stable/c/044f4446e06bb03c52216697b14867ebc555ad3b
	https://git.kernel.org/stable/c/fe7c3a445d22783d27fe8bd0521a8aab1eb9da65
	https://git.kernel.org/stable/c/7a11d1e2625bdb2346f6586773b20b20977278ac
	https://git.kernel.org/stable/c/0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd
	https://git.kernel.org/stable/c/373e0ab8c4c516561493f1acf367c7ee7dc053c2
	https://git.kernel.org/stable/c/a6ff6e7a9dd69364547751db0f626a10a6d628d2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ