CVE-2023-53119

Published May 2, 2025

Last updated 5 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Call Trace: <IRQ> __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Initialize the field with the pn533_usb_phy currently used. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-908

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D1AD31C5-5224-4C35-A5F4-8208B2F31E61",
            "versionEndExcluding": "4.14.311",
            "versionStartIncluding": "4.14.303",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A110595A-98FB-4569-8867-789891A6FA1F",
            "versionEndExcluding": "4.19.279",
            "versionStartIncluding": "4.19.270",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C6EFCED7-16F3-4676-9897-F1C04911D7EA",
            "versionEndExcluding": "5.4.238",
            "versionStartIncluding": "5.4.229",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C9EF21F0-BCD6-4174-8D66-216747D47196",
            "versionEndExcluding": "5.10.176",
            "versionStartIncluding": "5.10.164",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BF66EC1E-58B4-4299-96A7-9CDD62ECE417",
            "versionEndExcluding": "5.15.104",
            "versionStartIncluding": "5.15.89",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E4722C73-D813-4808-9A4E-A100787F2D4F",
            "versionEndExcluding": "6.1.21",
            "versionStartIncluding": "6.1.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "29973398-69A1-4155-BB90-156EE9A4763A",
            "versionEndExcluding": "6.2.8",
            "versionStartIncluding": "6.2.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:*",
            "matchCriteriaId": "3ADCCCEE-143A-4B48-9B2A-0CB97BD385DE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*",
            "matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References