CVE-2023-53847 (GCVE-0-2023-53847)
Vulnerability from cvelistv5 – Published: 2025-12-09 01:30 – Updated: 2025-12-09 01:30
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Fix uninit-value in alauda_check_media()
Syzbot got KMSAN to complain about access to an uninitialized value in
the alauda subdriver of usb-storage:
BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0
drivers/usb/storage/alauda.c:1137
CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
__msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460
The problem is that alauda_check_media() doesn't verify that its USB
transfer succeeded before trying to use the received data. What
should happen if the transfer fails isn't entirely clear, but a
reasonably conservative approach is to pretend that no media is
present.
A similar problem exists in a usb_stor_dbg() call in
alauda_get_media_status(). In this case, when an error occurs the
call is redundant, because usb_stor_ctrl_transfer() already will print
a debugging message.
Finally, unrelated to the uninitialized memory access, is the fact
that alauda_check_media() performs DMA to a buffer on the stack.
Fortunately usb-storage provides a general purpose DMA-able buffer for
uses like this. We'll use it instead.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 153c3e85873cc3e2f387169783c3a227bad9a95a
(git)
Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 49d380bcd6cba987c6085fae6464c9c087e8d9a0 (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 044f4446e06bb03c52216697b14867ebc555ad3b (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < fe7c3a445d22783d27fe8bd0521a8aab1eb9da65 (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 7a11d1e2625bdb2346f6586773b20b20977278ac (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < 373e0ab8c4c516561493f1acf367c7ee7dc053c2 (git) Affected: e80b0fade09ef1ee67b0898d480d4c588f124d5f , < a6ff6e7a9dd69364547751db0f626a10a6d628d2 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/alauda.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "153c3e85873cc3e2f387169783c3a227bad9a95a",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "49d380bcd6cba987c6085fae6464c9c087e8d9a0",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "044f4446e06bb03c52216697b14867ebc555ad3b",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "fe7c3a445d22783d27fe8bd0521a8aab1eb9da65",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "7a11d1e2625bdb2346f6586773b20b20977278ac",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "373e0ab8c4c516561493f1acf367c7ee7dc053c2",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
},
{
"lessThan": "a6ff6e7a9dd69364547751db0f626a10a6d628d2",
"status": "affected",
"version": "e80b0fade09ef1ee67b0898d480d4c588f124d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/storage/alauda.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.16"
},
{
"lessThan": "2.6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.292",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.254",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.323",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.292",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.254",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.191",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.127",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.46",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.11",
"versionStartIncluding": "2.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "2.6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\n\nSyzbot got KMSAN to complain about access to an uninitialized value in\nthe alauda subdriver of usb-storage:\n\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\ndrivers/usb/storage/alauda.c:1137\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x191/0x1f0 lib/dump_stack.c:113\n kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\n __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\n alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\n\nThe problem is that alauda_check_media() doesn\u0027t verify that its USB\ntransfer succeeded before trying to use the received data. What\nshould happen if the transfer fails isn\u0027t entirely clear, but a\nreasonably conservative approach is to pretend that no media is\npresent.\n\nA similar problem exists in a usb_stor_dbg() call in\nalauda_get_media_status(). In this case, when an error occurs the\ncall is redundant, because usb_stor_ctrl_transfer() already will print\na debugging message.\n\nFinally, unrelated to the uninitialized memory access, is the fact\nthat alauda_check_media() performs DMA to a buffer on the stack.\nFortunately usb-storage provides a general purpose DMA-able buffer for\nuses like this. We\u0027ll use it instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T01:30:10.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/153c3e85873cc3e2f387169783c3a227bad9a95a"
},
{
"url": "https://git.kernel.org/stable/c/49d380bcd6cba987c6085fae6464c9c087e8d9a0"
},
{
"url": "https://git.kernel.org/stable/c/044f4446e06bb03c52216697b14867ebc555ad3b"
},
{
"url": "https://git.kernel.org/stable/c/fe7c3a445d22783d27fe8bd0521a8aab1eb9da65"
},
{
"url": "https://git.kernel.org/stable/c/7a11d1e2625bdb2346f6586773b20b20977278ac"
},
{
"url": "https://git.kernel.org/stable/c/0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd"
},
{
"url": "https://git.kernel.org/stable/c/373e0ab8c4c516561493f1acf367c7ee7dc053c2"
},
{
"url": "https://git.kernel.org/stable/c/a6ff6e7a9dd69364547751db0f626a10a6d628d2"
}
],
"title": "usb-storage: alauda: Fix uninit-value in alauda_check_media()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53847",
"datePublished": "2025-12-09T01:30:10.344Z",
"dateReserved": "2025-12-09T01:27:17.827Z",
"dateUpdated": "2025-12-09T01:30:10.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-53847\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-09T16:17:25.137\",\"lastModified\":\"2025-12-09T18:37:13.640\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\\n\\nSyzbot got KMSAN to complain about access to an uninitialized value in\\nthe alauda subdriver of usb-storage:\\n\\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\\ndrivers/usb/storage/alauda.c:1137\\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\\nGoogle 01/01/2011\\nCall Trace:\\n __dump_stack lib/dump_stack.c:77 [inline]\\n dump_stack+0x191/0x1f0 lib/dump_stack.c:113\\n kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\\n __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\\n alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\\n\\nThe problem is that alauda_check_media() doesn\u0027t verify that its USB\\ntransfer succeeded before trying to use the received data. What\\nshould happen if the transfer fails isn\u0027t entirely clear, but a\\nreasonably conservative approach is to pretend that no media is\\npresent.\\n\\nA similar problem exists in a usb_stor_dbg() call in\\nalauda_get_media_status(). In this case, when an error occurs the\\ncall is redundant, because usb_stor_ctrl_transfer() already will print\\na debugging message.\\n\\nFinally, unrelated to the uninitialized memory access, is the fact\\nthat alauda_check_media() performs DMA to a buffer on the stack.\\nFortunately usb-storage provides a general purpose DMA-able buffer for\\nuses like this. We\u0027ll use it instead.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/044f4446e06bb03c52216697b14867ebc555ad3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/153c3e85873cc3e2f387169783c3a227bad9a95a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/373e0ab8c4c516561493f1acf367c7ee7dc053c2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/49d380bcd6cba987c6085fae6464c9c087e8d9a0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7a11d1e2625bdb2346f6586773b20b20977278ac\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6ff6e7a9dd69364547751db0f626a10a6d628d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fe7c3a445d22783d27fe8bd0521a8aab1eb9da65\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…