CVE-2023-53059

Source
https://cve.org/CVERecord?id=CVE-2023-53059
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53059.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53059
Published
2025-05-02T15:55:13.662Z
Modified
2026-04-11T12:46:40.450648Z
Summary
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands.

Fix it by using zeroed memory.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53059.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eda2e30c6684d67288edb841c6125d48c608a242
Fixed
13493ad6a220cb3f6f3552a16b4f2753a118b633
Fixed
f86ff88a1548ccf5a13960c0e7625ca787ea0993
Fixed
ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4
Fixed
eab28bfafcd1245a3510df9aa9eb940589956ea6
Fixed
a0d8644784f73fa39f57f72f374eefaba2bf48a0
Fixed
b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53059.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0
Fixed
5.4.240
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.177
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.105
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.22
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53059.json"