DEBIAN-CVE-2023-53344
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53344
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53344.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53344
- Upstream
- Published
- 2025-09-17T15:15:38.237Z
- Modified
- 2025-11-14T04:06:39.922635Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup(): fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 [inline] BUG: KMSAN: uninit-value in aiowrite+0x899/0x950 fs/aio.c:1600 aiorwdone fs/aio.c:1520 [inline] aiowrite+0x899/0x950 fs/aio.c:1600 iosubmitone+0x1d1c/0x3bf0 fs/aio.c:2019 _dosysiosubmit fs/aio.c:2078 [inline] _sesysiosubmit+0x293/0x770 fs/aio.c:2048 _x64sysiosubmit+0x92/0xd0 fs/aio.c:2048 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd Uninit was created at: slabpostallochook mm/slab.h:766 [inline] slaballocnode mm/slub.c:3452 [inline] _kmemcacheallocnode+0x71f/0xce0 mm/slub.c:3491 _dokmallocnode mm/slabcommon.c:967 [inline] _kmalloc+0x11d/0x3b0 mm/slabcommon.c:981 kmallocarray include/linux/slab.h:636 [inline] bcmtxsetup+0x80e/0x29d0 net/can/bcm.c:930 bcmsendmsg+0x3a2/0xce0 net/can/bcm.c:1351 socksendmsgnosec net/socket.c:714 [inline] socksendmsg net/socket.c:734 [inline] sockwriteiter+0x495/0x5e0 net/socket.c:1108 callwriteiter include/linux/fs.h:2189 [inline] aiowrite+0x63a/0x950 fs/aio.c:1600 iosubmitone+0x1d1c/0x3bf0 fs/aio.c:2019 _dosysiosubmit fs/aio.c:2078 [inline] _sesysiosubmit+0x293/0x770 fs/aio.c:2048 _x64sysiosubmit+0x92/0xd0 fs/aio.c:2048 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd CPU: 1 PID: 5034 Comm: syz-executor350 Not tainted 6.2.0-rc6-syzkaller-80422-geda666ff2276 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 ===================================================== We can follow the call chain and find that 'bcmtxsetup' function calls 'memcpyfrommsg' to copy some content to the newly allocated frame of 'op->frames'. After that the 'len' field of copied structure being compared with some constant value (64 or 8). However, if 'memcpyfrommsg' returns an error, we will compare some uninitialized memory. This triggers 'uninit-value' issue. This patch will add 'memcpyfrommsg' possible errors processing to avoid uninit-value issue. Tested via syzkaller
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source