Uninitialized Memory Access in USB Storage Drivers Affects Linux Kernel
CVE-2023-53847
What is CVE-2023-53847?
This vulnerability is an uninitialized memory access in the alauda subdriver of the Linux kernel's USB storage drivers. The function alauda_check_media() does not verify that its USB transfer succeeded before using the received data, which can lead to unpredictable behavior. A similar concern arises in alauda_get_media_status(), where redundant debug messages could lead to confusion during error handling. In addition, alauda_check_media() performed Direct Memory Access (DMA) to a stack-based buffer, which is unsafe; to mitigate this, the kernel now uses a general-purpose DMA-able buffer for safer operations.
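The missing result check described above, as an added userspace illustration that is not the kernel's code. All names, the status-byte encoding and the choice to report a failed transfer as "no media" are assumptions of this example; DMA buffer placement is not modelled.

```c
#include <stdio.h>
#include <string.h>
/* Constructed userspace model; every name here is hypothetical. */
enum { XFER_OK = 0, XFER_ERROR = -1, MEDIA_ABSENT = 0, MEDIA_PRESENT = 1 };

struct fake_dev {
    int fail_transfer;      /* simulate a device whose transfer errors out */
    int media_inserted;     /* what a working device would report */
    unsigned char buf[1];   /* receive buffer for the status byte */
};

/* Simulated transfer: writes the status only when it succeeds. */
static int fake_get_status(struct fake_dev *d)
{
    if (d->fail_transfer)
        return XFER_ERROR;  /* d->buf keeps whatever it held before */
    d->buf[0] = d->media_inserted ? 0x01 : 0x00; /* constructed encoding */
    return XFER_OK;
}

/* Before: the transfer result is ignored and the buffer is parsed anyway. */
static int check_media_unchecked(struct fake_dev *d)
{
    (void)fake_get_status(d);
    return (d->buf[0] & 0x01) ? MEDIA_PRESENT : MEDIA_ABSENT;
}

/* After: a failed transfer is reported as "no media" (this example's choice). */
static int check_media_checked(struct fake_dev *d)
{
    if (fake_get_status(d) != XFER_OK)
        return MEDIA_ABSENT;
    return (d->buf[0] & 0x01) ? MEDIA_PRESENT : MEDIA_ABSENT;
}

/* 0xFF fill stands in for uninitialized memory without invoking real UB. */
static int run(int (*check)(struct fake_dev *), int fail, int inserted)
{
    struct fake_dev d = { .fail_transfer = fail, .media_inserted = inserted };
    memset(d.buf, 0xFF, sizeof d.buf);
    return check(&d);
}

int main(void)
{
    printf("failed transfer, unchecked: %d\n", run(check_media_unchecked, 1, 0));
    printf("failed transfer, checked:   %d\n", run(check_media_checked, 1, 0));
    return 0;
}
```

With a failing transfer and no media inserted, the unchecked variant derives its answer from the stale buffer contents, while the checked variant never parses the buffer.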
Affected Version(s)
Linux e80b0fade09ef1ee67b0898d480d4c588f124d5f < 153c3e85873cc3e2f387169783c3a227bad9a95a
Linux e80b0fade09ef1ee67b0898d480d4c588f124d5f < 49d380bcd6cba987c6085fae6464c9c087e8d9a0
Linux e80b0fade09ef1ee67b0898d480d4c588f124d5f < 044f4446e06bb03c52216697b14867ebc555ad3b