CVE-2023-53015

betopffinit() only checks the total sum of the report counts for each report field to be at least 4, but hidbetopffplay() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hidbetopff_play().

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53015.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4

Fixed

dbab4dba400d6ea9a9697fbbd287adbf7db1dac4

Fixed

7317326f685824c7c29bd80841fd18041af6bb73

Fixed

d3065cc56221d1a5eda237e94eaf2a627b88ab79

Fixed

28fc6095da22dc88433d79578ae1c495ebe8ca43

Fixed

1a2a47b85cab50a3c146731bfeaf2d860f5344ee

Fixed

07bc32e53c7bd5c91472cc485231ef6274db9b76

Fixed

3782c0d6edf658b71354a64d60aa7a296188fc90

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53015.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.14.305

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.272

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.231

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.166

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.91

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53015.json"