CVE-2023-53015

Description

In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play().

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before dbab4dba400d6ea9a9697fbbd287adbf7db1dac4
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before 7317326f685824c7c29bd80841fd18041af6bb73
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before d3065cc56221d1a5eda237e94eaf2a627b88ab79
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before 28fc6095da22dc88433d79578ae1c495ebe8ca43
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before 1a2a47b85cab50a3c146731bfeaf2d860f5344ee
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before 07bc32e53c7bd5c91472cc485231ef6274db9b76
affected

52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4 before 3782c0d6edf658b71354a64d60aa7a296188fc90
affected

Default status
affected

4.0
affected

Any version before 4.0
unaffected

4.14.305
unaffected

4.19.272
unaffected

5.4.231
unaffected

5.10.166
unaffected

5.15.91
unaffected

6.1.9
unaffected

6.2
unaffected

References

git.kernel.org/...c/dbab4dba400d6ea9a9697fbbd287adbf7db1dac4

git.kernel.org/...c/7317326f685824c7c29bd80841fd18041af6bb73

git.kernel.org/...c/d3065cc56221d1a5eda237e94eaf2a627b88ab79

git.kernel.org/...c/28fc6095da22dc88433d79578ae1c495ebe8ca43

git.kernel.org/...c/1a2a47b85cab50a3c146731bfeaf2d860f5344ee

git.kernel.org/...c/07bc32e53c7bd5c91472cc485231ef6274db9b76

git.kernel.org/...c/3782c0d6edf658b71354a64d60aa7a296188fc90

cve.org (CVE-2023-53015)

nvd.nist.gov (CVE-2023-53015)

Download JSON