cve/published/2023/CVE-2023-52781.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52781: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

 The BOS descriptor defines a root descriptor and is the base descriptor for
 accessing a family of related descriptors.

 Function 'usb_get_bos_descriptor()' encounters an iteration issue when
 skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
 the same descriptor being read repeatedly.

 To address this issue, a 'goto' statement is introduced to ensure that the
 pointer and the amount read is updated correctly. This ensures that the
 function iterates to the next descriptor instead of reading the same
 descriptor repeatedly.

 The Linux kernel CVE team has assigned CVE-2023-52781 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 5.10.203 with commit 9ef94ec8e52eaf7b9abc5b5f8f5b911751112223
 	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 5.15.142 with commit 64c27b7b2357ddb38b6afebaf46d5bff4d250702
 	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.1.66 with commit f89fef7710b2ba0f7a1e46594e530dcf2f77be91
 	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.6.4 with commit 7c0244cc311a4038505b73682b7c8ceaa5c7a8c8
 	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.7 with commit 974bba5c118f4c2baf00de0356e3e4f7928b4cbc
 	Issue introduced in 3.16.79 with commit 77ce180d68beffd1af620d0121590e16683fc6b8
 	Issue introduced in 4.4.194 with commit 20a07e1aadcd6990893c532d1b2b507bfa065152
 	Issue introduced in 4.9.194 with commit a5c051b6503c0ba543e993cfc295b64f096e0a29
 	Issue introduced in 4.14.146 with commit ea4a173d8358b756a780786baa3fc39d282bdbe3
 	Issue introduced in 4.19.75 with commit 77d4e2a058858b4a94fc469bc1bfc94a0958e252
 	Issue introduced in 5.2.17 with commit 1fc15d29540a69cfb55c8b8f8c38f1af33178243
 	Issue introduced in 5.3.1 with commit 9f8dd40c68c176f2c3f1fc8b87bc81756856938f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52781
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/core/config.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/9ef94ec8e52eaf7b9abc5b5f8f5b911751112223
 	https://git.kernel.org/stable/c/64c27b7b2357ddb38b6afebaf46d5bff4d250702
 	https://git.kernel.org/stable/c/f89fef7710b2ba0f7a1e46594e530dcf2f77be91
 	https://git.kernel.org/stable/c/7c0244cc311a4038505b73682b7c8ceaa5c7a8c8
 	https://git.kernel.org/stable/c/974bba5c118f4c2baf00de0356e3e4f7928b4cbc
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52781: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

	The BOS descriptor defines a root descriptor and is the base descriptor for
	accessing a family of related descriptors.

	Function 'usb_get_bos_descriptor()' encounters an iteration issue when
	skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in
	the same descriptor being read repeatedly.

	To address this issue, a 'goto' statement is introduced to ensure that the
	pointer and the amount read is updated correctly. This ensures that the
	function iterates to the next descriptor instead of reading the same
	descriptor repeatedly.

	The Linux kernel CVE team has assigned CVE-2023-52781 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 5.10.203 with commit 9ef94ec8e52eaf7b9abc5b5f8f5b911751112223
	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 5.15.142 with commit 64c27b7b2357ddb38b6afebaf46d5bff4d250702
	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.1.66 with commit f89fef7710b2ba0f7a1e46594e530dcf2f77be91
	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.6.4 with commit 7c0244cc311a4038505b73682b7c8ceaa5c7a8c8
	Issue introduced in 5.4 with commit 3dd550a2d36596a1b0ee7955da3b611c031d3873 and fixed in 6.7 with commit 974bba5c118f4c2baf00de0356e3e4f7928b4cbc
	Issue introduced in 3.16.79 with commit 77ce180d68beffd1af620d0121590e16683fc6b8
	Issue introduced in 4.4.194 with commit 20a07e1aadcd6990893c532d1b2b507bfa065152
	Issue introduced in 4.9.194 with commit a5c051b6503c0ba543e993cfc295b64f096e0a29
	Issue introduced in 4.14.146 with commit ea4a173d8358b756a780786baa3fc39d282bdbe3
	Issue introduced in 4.19.75 with commit 77d4e2a058858b4a94fc469bc1bfc94a0958e252
	Issue introduced in 5.2.17 with commit 1fc15d29540a69cfb55c8b8f8c38f1af33178243
	Issue introduced in 5.3.1 with commit 9f8dd40c68c176f2c3f1fc8b87bc81756856938f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52781
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/core/config.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/9ef94ec8e52eaf7b9abc5b5f8f5b911751112223
	https://git.kernel.org/stable/c/64c27b7b2357ddb38b6afebaf46d5bff4d250702
	https://git.kernel.org/stable/c/f89fef7710b2ba0f7a1e46594e530dcf2f77be91
	https://git.kernel.org/stable/c/7c0244cc311a4038505b73682b7c8ceaa5c7a8c8
	https://git.kernel.org/stable/c/974bba5c118f4c2baf00de0356e3e4f7928b4cbc