CVE-2023-53840 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

6.1MEDIUM

No vector

EPSS

0.0%

top 90.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_write() fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbc_trace() is called. Reserve an extra byte, which will be zeroed automatically because 'buf' is a static variable, in order to avoid troubles, should it happen.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.12.0 — 5.15.99+2

▶Debianlinux/linux_kernel< 6.1.20-1+2

▶CVEListV5linux/linuxaeb9dd1de98c1a5f2007ea5d2a154c1244caf8a0 — e8fb0f13e45cf361fd06593d3cb2d89915cd3bd0+4

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

OSV

usb: early: xhci-dbc: Fix a potential out-of-bound memory access↗2025-12-09

▶

GHSA

GHSA-x48h-3p3j-rpqg: In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_wr↗2025-12-09

▶

OSV

CVE-2023-53840: In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbc_bulk_writ↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: usb: early: xhci-dbc: Fix a potential out-of-bound memory access↗2025-12-09

▶

Debian

CVE-2023-53840: linux - In the Linux kernel, the following vulnerability has been resolved: usb: early:...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53840 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶