CVE-2023-52703

Source
https://cve.org/CVERecord?id=CVE-2023-52703
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52703.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52703
Published
2024-05-21T15:22:52.687Z
Modified
2026-03-20T12:32:44.595623Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
Details

In the Linux kernel, the following vulnerability has been resolved:

net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1]

With this in mind, let's just not pass act_len to the usb_bulk_msg error paths.

[1]: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52703.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d40261236e8e278cb1936cb5e934262971692b10
Fixed
1b5de7d44890b78519acbcc80d8d1f23ff2872e5
Fixed
723ef7b66f37c0841f5a451ccbce47ee1641e081
Fixed
a753352622b4f3c0219e0e9c73114b2848ae6042
Fixed
525bdcb0838d19d918c7786151ee14661967a030
Fixed
338f826d3afead6e4df521f7972a4bef04a72efb
Fixed
02df3170c04a8356cd571ab9155a42f030190abc
Fixed
c68f345b7c425b38656e1791a0486769a8797016

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52703.json"