SB20240603157 - Use of uninitialized resource in Linux kernel net usb driver
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240603157
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2023-52528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4
- https://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed
- https://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825
- https://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5
- https://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812
- https://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09
- https://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d
- https://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.327
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.296
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.198
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.135
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.258
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6