DEBIAN-CVE-2023-53578

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-53578
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53578.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53578
Upstream
Published
2025-10-04T16:15:53Z
Modified
2025-10-05T08:09:45.220412Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230 qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230 qrtrendpointpost+0xf85/0x11b0 net/qrtr/afqrtr.c:519 qrtrtunwriteiter+0x270/0x400 net/qrtr/tun.c:108 callwriteiter include/linux/fs.h:2189 [inline] aiowrite+0x63a/0x950 fs/aio.c:1600 iosubmitone+0x1d1c/0x3bf0 fs/aio.c:2019 _dosysiosubmit fs/aio.c:2078 [inline] _sesysiosubmit+0x293/0x770 fs/aio.c:2048 _x64sysiosubmit+0x92/0xd0 fs/aio.c:2048 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd Uninit was created at: slabpostallochook mm/slab.h:766 [inline] slaballocnode mm/slub.c:3452 [inline] _kmemcacheallocnode+0x71f/0xce0 mm/slub.c:3491 _dokmallocnode mm/slabcommon.c:967 [inline] _kmallocnodetrackcaller+0x114/0x3b0 mm/slabcommon.c:988 kmallocreserve net/core/skbuff.c:492 [inline] _allocskb+0x3af/0x8f0 net/core/skbuff.c:565 _netdevallocskb+0x120/0x7d0 net/core/skbuff.c:630 qrtrendpointpost+0xbd/0x11b0 net/qrtr/afqrtr.c:446 qrtrtunwriteiter+0x270/0x400 net/qrtr/tun.c:108 callwriteiter include/linux/fs.h:2189 [inline] aiowrite+0x63a/0x950 fs/aio.c:1600 iosubmitone+0x1d1c/0x3bf0 fs/aio.c:2019 _dosysiosubmit fs/aio.c:2078 [inline] _sesysiosubmit+0x293/0x770 fs/aio.c:2048 _x64sysiosubmit+0x92/0xd0 fs/aio.c:2048 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd It is because that skb->len requires at least sizeof(struct qrtrctrlpkt) in qrtrtxresume(). And skb->len equals to size in qrtrendpointpost(). But size is less than sizeof(struct qrtrctrlpkt) when qrtrcb->type equals to QRTRTYPERESUMETX in qrtrendpointpost() under the syzbot scenario. This triggers the uninit variable access bug. Add size check when qrtrcb->type equals to QRTRTYPERESUMETX in qrtrendpointpost() to fix the bug.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}