CVE-2023-37453

out-of-bounds in read_descriptors in drivers/usb/core/sysfs

References

Notes

 carnil> Introduced by 45bf39f8df7f ("USB: core: Don't hold device lock
 carnil> while reading the "descriptors" sysfs file") in 6.3-rc1 (but
 carnil> backported to 4.19.275, 5.10.171, 6.1.15 and other stable
 carnil> series at the time).

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable needed
5.10-bullseye-security released (5.10.197-1)
5.10-upstream-stable released (5.10.195) [9d241c5d9a9b7ad95c90c6520272fe404d5ac88f]
6.1-bookworm-security released (6.1.55-1)
6.1-upstream-stable released (6.1.53) [8186596a663506b1124bede9fde6f243ef9f37ee]
6.6-upstream-stable unknown
6.8-upstream-stable unknown
sid released (6.5.3-1)
upstream released (6.6-rc1) [ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b]