CVE-2023-53059

Source
https://cve.org/CVERecord?id=CVE-2023-53059
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53059.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53059
Downstream
Related
Published
2025-05-02T15:55:13.662Z
Modified
2026-04-03T13:14:22.624034438Z
Summary
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

It is possible to peep kernel page's data by providing larger insize in struct cros_ec_command[1] when invoking EC host commands.

Fix it by using zeroed memory.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53059.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eda2e30c6684d67288edb841c6125d48c608a242
Fixed
13493ad6a220cb3f6f3552a16b4f2753a118b633
Fixed
f86ff88a1548ccf5a13960c0e7625ca787ea0993
Fixed
ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4
Fixed
eab28bfafcd1245a3510df9aa9eb940589956ea6
Fixed
a0d8644784f73fa39f57f72f374eefaba2bf48a0
Fixed
b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53059.json"