Linux Kernel USB Driver Vulnerability in Communication Controller
CVE-2023-53840
What is CVE-2023-53840?
A vulnerability in the Linux kernel USB driver has been identified that may lead to out-of-bounds memory access. The issue is in the xhci-dbc component and occurs when the function xdbc_bulk_write() fails. If this function fails, the contents of the 'buf' variable can be unpredictable, so the string is not guaranteed to have the expected NULL termination when it is processed by the xdbc_trace() function. To mitigate this issue, an additional byte has been reserved that is automatically zeroed out, ensuring that any extraneous data in 'buf' does not cause undefined behavior.
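The condition described above, modelled in user-space C as an added example (this is not kernel code and not part of the original advisory). MAX_PACKET, fill_chunk, visible_len and the demo_* helpers are hypothetical names, and the 8-byte packet size is an assumption chosen for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PACKET 8 /* assumed demo size, not the kernel's value */

/* Before the fix: the array is exactly one packet long. */
static char buf_before[MAX_PACKET];
/* After the fix: one reserved byte. Static storage starts zeroed and
 * fill_chunk() never writes index MAX_PACKET, so it stays '\0'. */
static char buf_after[MAX_PACKET + 1];

/* Copy at most one packet of msg into buf; no terminator is written. */
static size_t fill_chunk(char *buf, const char *msg, size_t n)
{
    size_t chunk = n < MAX_PACKET ? n : MAX_PACKET;

    memcpy(buf, msg, chunk);
    return chunk;
}

/* Length a "%s" formatter would see, or -1 if it would have to read
 * past the end of the array to find a terminator. Bounded by size. */
static long visible_len(const char *buf, size_t size)
{
    const char *nul = memchr(buf, '\0', size);

    return nul ? (long)(nul - buf) : -1;
}

long demo_before(const char *msg, size_t n)
{
    fill_chunk(buf_before, msg, n);
    return visible_len(buf_before, sizeof(buf_before));
}

long demo_after(const char *msg, size_t n)
{
    fill_chunk(buf_after, msg, n);
    return visible_len(buf_after, sizeof(buf_after));
}

int main(void)
{
    printf("before, full packet: %ld\n", demo_before("ABCDEFGHIJ", 10));
    printf("after, full packet:  %ld\n", demo_after("ABCDEFGHIJ", 10));
    /* Stale bytes from the previous packet remain, but stay bounded. */
    printf("after, short packet: %ld\n", demo_after("xy", 2));
    return 0;
}
```

A result of -1 marks the case where a "%s" consumer would have to read beyond the array. With the reserved byte, leftover data from an earlier packet can still be printed, but the read always stops inside the buffer.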
Affected Version(s)
Linux aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0
Linux aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0 < 351c8d8650d1ccc006255fa01f98b6c6496a02e5
Linux aeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0