CVE-2023-52528: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg

Published Mar 2, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg

syzbot reported the following uninit-value access issue:

===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready drivers/net/usb/smsc75xx.c:975 [inline] BUG: KMSAN: uninit-value in smsc75xxbind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usbhubwq hubevent Call Trace: dumpstack lib/dumpstack.c:77 [inline] dumpstack+0x21c/0x280 lib/dumpstack.c:118 kmsanreport+0xf7/0x1e0 mm/kmsan/kmsanreport.c:121 msanwarning+0x58/0xa0 mm/kmsan/kmsaninstr.c:215 smsc75xxwaitready drivers/net/usb/smsc75xx.c:975 [inline] smsc75xxbind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482 usbnetprobe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737 usbprobeinterface+0xece/0x1550 drivers/usb/core/driver.c:374 reallyprobe+0xf20/0x20b0 drivers/base/dd.c:529 driverprobedevice+0x293/0x390 drivers/base/dd.c:701 deviceattachdriver+0x63f/0x830 drivers/base/dd.c:807 busforeachdrv+0x2ca/0x3f0 drivers/base/bus.c:431 deviceattach+0x4e2/0x7f0 drivers/base/dd.c:873 deviceinitialprobe+0x4a/0x60 drivers/base/dd.c:920 busprobedevice+0x177/0x3d0 drivers/base/bus.c:491 deviceadd+0x3b0e/0x40d0 drivers/base/core.c:2680 usbsetconfiguration+0x380f/0x3f10 drivers/usb/core/message.c:2032 usbgenericdriverprobe+0x138/0x300 drivers/usb/core/generic.c:241 usbprobedevice+0x311/0x490 drivers/usb/core/driver.c:272 reallyprobe+0xf20/0x20b0 drivers/base/dd.c:529 driverprobedevice+0x293/0x390 drivers/base/dd.c:701 deviceattachdriver+0x63f/0x830 drivers/base/dd.c:807 busforeachdrv+0x2ca/0x3f0 drivers/base/bus.c:431 deviceattach+0x4e2/0x7f0 drivers/base/dd.c:873 deviceinitialprobe+0x4a/0x60 drivers/base/dd.c:920 busprobedevice+0x177/0x3d0 drivers/base/bus.c:491 deviceadd+0x3b0e/0x40d0 drivers/base/core.c:2680 usbnewdevice+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554 hubportconnect drivers/usb/core/hub.c:5208 [inline] hubportconnectchange drivers/usb/core/hub.c:5348 [inline] portevent drivers/usb/core/hub.c:5494 [inline] hubevent+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576 processonework+0x1688/0x2140 kernel/workqueue.c:2269 workerthread+0x10bc/0x2730 kernel/workqueue.c:2415 kthread+0x551/0x590 kernel/kthread.c:292 retfromfork+0x1f/0x30 arch/x86/entry/entry64.S:293

Local variable ----buf.i87@smsc75xxbind created at: smsc75xxreadreg drivers/net/usb/smsc75xx.c:83 [inline] smsc75xxwaitready drivers/net/usb/smsc75xx.c:968 [inline] smsc75xxbind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482 smsc75xxreadreg drivers/net/usb/smsc75xx.c:83 [inline] smsc75xxwaitready drivers/net/usb/smsc75xx.c:968 [inline] smsc75xxbind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482

This issue is caused because usbnetreadcmd() reads less bytes than requested (zero byte in the reproducer). In this case, 'buf' is not properly filled.

This patch fixes the issue by returning -ENODATA if usbnetreadcmd() reads less bytes than requested.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg

The Linux kernel CVE team has assigned CVE-2023-52528 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030254-CVE-2023-52528-c33b@gregkh/T/#u

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by an error related to uninit-value access in smsc75xxreadreg. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

24 affected componentsFixes available
Linux Linux kernel>=2.6.34<4.14.327
Linux Linux kernel>=4.15<4.19.296
Linux Linux kernel>=4.20<5.4.258
Linux Linux kernel>=5.5<5.10.198
Linux Linux kernel>=5.11<5.15.135
Linux Linux kernel>=5.16<6.1.57
Linux Linux kernel>=6.2<6.5.7
Linux Linux kernel=6.6-rc1
Linux Linux kernel=6.6-rc2
Linux Linux kernel=6.6-rc3
Linux Linux kernel=6.6-rc4
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.133-16.12.22-16.12.25-1
redhat/kernel<4.14.327
4.14.327
redhat/kernel<4.19.296
4.19.296
redhat/kernel<5.4.258
5.4.258
redhat/kernel<5.10.198
5.10.198
redhat/kernel<5.15.135
5.15.135
redhat/kernel<6.1.57
6.1.57
redhat/kernel<6.5.7
6.5.7
redhat/kernel<6.6
6.6

Remediation

Patch Available

https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed

Patch Available

https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5

Patch Available

https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825

Patch Available

https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4

Patch Available

https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d

Patch Available

https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09

Patch Available

https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812

Patch Available

https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8

Event History

Mar 2, 2024
CVE Published
via MITRE·09:52 PM
Data Sourced
via MITRE·09:52 PM
Description
Mar 4, 2024
Data Sourced
via Red Hat·07:30 PM
DescriptionSeverityAffected Software
Oct 19, 2024
Data Sourced
via Launchpad·11:27 PM
Description
Apr 26, 2025
Data Sourced
via Ubuntu·11:49 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52528?

CVE-2023-52528 is classified as a security vulnerability in the Linux kernel that involves uninitialized value access.

2

How do I fix CVE-2023-52528?

To fix CVE-2023-52528, update your Linux kernel to versions 4.14.327, 4.19.296, 5.4.258, 5.10.198, 5.15.135, 6.1.57, 6.5.7, 6.6, or later as available.

3

Which Linux kernel versions are affected by CVE-2023-52528?

CVE-2023-52528 affects various versions of the Linux kernel including those earlier than 4.14.327, 4.19.296, 5.4.258, 5.10.198, 5.15.135, and 6.1.57.

4

Is CVE-2023-52528 specific to a particular distribution?

CVE-2023-52528 affects multiple distributions of the Linux kernel but specifically has remedies available in Red Hat and Debian.

5

What is the impact of CVE-2023-52528?

The impact of CVE-2023-52528 involves potential exploitation through uninitialized variable access, which could lead to undefined behavior in the kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203