Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.35, < 4.14.322 |
References
- https://git.kernel.org/stable/c/061b0cb9327b80d7a0f63a33e7c3e2a91a71f142Patch
- https://git.kernel.org/stable/c/09740fa9827cfbaf23ecd041e602a426f99be888Patch
- https://git.kernel.org/stable/c/1044187e7249073f719ebbf9e5ffb4f16f99e555Patch
- https://git.kernel.org/stable/c/4dc3560561a08842b4a4c07ccc5a90e5067dbb5bPatch
- https://git.kernel.org/stable/c/6a444dffb75238c47d2d852f12cf53f12ad2cba8Patch
- https://git.kernel.org/stable/c/95b4b940f0fb2873dcedad81699e869eb7581c85Patch
- https://git.kernel.org/stable/c/9e3031eea2d45918dc44cbfc6a6029e82882916fPatch
- https://git.kernel.org/stable/c/be2a546c30fe8d72efa032bee612363bb75314bdPatch
- https://git.kernel.org/stable/c/db8df00cd6d801b3abdb145201c2bdd1c665f585Patch
FAQ
What is CVE-2023-53185?
CVE-2023-53185 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response mes...
How severe is CVE-2023-53185?
CVE-2023-53185 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53185?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.