CVE-2023-52703
Description
Important: kernel security and bug fix update
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4352.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4352
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4211.html
Vendor advisory: alma — https://bugzilla.redhat.com/2282920
Vendor advisory: alma — https://bugzilla.redhat.com/2282902
Vendor advisory: alma — https://bugzilla.redhat.com/2282735
Vendor advisory: alma — https://bugzilla.redhat.com/2282712
Vendor advisory: alma — https://bugzilla.redhat.com/2282698
Vendor advisory: alma — https://bugzilla.redhat.com/2282680
Vendor advisory: alma — https://bugzilla.redhat.com/2282653
Vendor advisory: alma — https://bugzilla.redhat.com/2282612
Vendor advisory: alma — https://bugzilla.redhat.com/2282609
Vendor advisory: alma — https://bugzilla.redhat.com/2282581
Vendor advisory: alma — https://bugzilla.redhat.com/2282472
Vendor advisory: alma — https://bugzilla.redhat.com/2282471
Vendor advisory: alma — https://bugzilla.redhat.com/2282400
Vendor advisory: alma — https://bugzilla.redhat.com/2282394
Vendor advisory: alma — https://bugzilla.redhat.com/2281986
Vendor advisory: alma — https://bugzilla.redhat.com/2281953
Vendor advisory: alma — https://bugzilla.redhat.com/2281925
Vendor advisory: alma — https://bugzilla.redhat.com/2281923
Vendor advisory: alma — https://bugzilla.redhat.com/2281920
Vendor advisory: alma — https://bugzilla.redhat.com/2281693
Vendor advisory: alma — https://bugzilla.redhat.com/2281689
Vendor advisory: alma — https://bugzilla.redhat.com/2281350
Vendor advisory: alma — https://bugzilla.redhat.com/2281346
Vendor advisory: alma — https://bugzilla.redhat.com/2281334
Vendor advisory: alma — https://bugzilla.redhat.com/2281311
Vendor advisory: alma — https://bugzilla.redhat.com/2281272
Vendor advisory: alma — https://bugzilla.redhat.com/2281257
Vendor advisory: alma — https://bugzilla.redhat.com/2281255
Vendor advisory: alma — https://bugzilla.redhat.com/2281253
Vendor advisory: alma — https://bugzilla.redhat.com/2281251
Vendor advisory: alma — https://bugzilla.redhat.com/2281165
Vendor advisory: alma — https://bugzilla.redhat.com/2281157
Vendor advisory: alma — https://bugzilla.redhat.com/2281113
Vendor advisory: alma — https://bugzilla.redhat.com/2281057
Vendor advisory: alma — https://bugzilla.redhat.com/2280434
Vendor advisory: alma — https://bugzilla.redhat.com/2278354
Vendor advisory: alma — https://bugzilla.redhat.com/2278337
Vendor advisory: alma — https://bugzilla.redhat.com/2275733
Vendor advisory: alma — https://bugzilla.redhat.com/2275635
Vendor advisory: alma — https://bugzilla.redhat.com/2275633
Vendor advisory: alma — https://bugzilla.redhat.com/2275604
Vendor advisory: alma — https://bugzilla.redhat.com/2273429
Vendor advisory: alma — https://bugzilla.redhat.com/2273423
Vendor advisory: alma — https://bugzilla.redhat.com/2273278
Vendor advisory: alma — https://bugzilla.redhat.com/2273204
Vendor advisory: alma — https://bugzilla.redhat.com/2272829
Vendor advisory: alma — https://bugzilla.redhat.com/2272692
Vendor advisory: alma — https://bugzilla.redhat.com/2271680
Vendor advisory: alma — https://bugzilla.redhat.com/2270093
Vendor advisory: alma — https://bugzilla.redhat.com/2267730
Vendor advisory: alma — https://bugzilla.redhat.com/2267518
Vendor advisory: alma — https://bugzilla.redhat.com/2267513
Vendor advisory: alma — https://bugzilla.redhat.com/2266831
Vendor advisory: alma — https://bugzilla.redhat.com/2266408
Vendor advisory: alma — https://bugzilla.redhat.com/2265800
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2258875
Vendor advisory: alma — https://bugzilla.redhat.com/2248122
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4211
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-52703
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-52703.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4211
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4352
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:4211
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:9315
Mitigation details
Description
kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
CVSS v3: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10 | RHSA-2024:4352 | 2024-07-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.8.1.el8_10 | RHSA-2024:4211 | 2024-07-02T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-503.11.1.el9_5 | RHSA-2024:9315 | 2024-11-12T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | kernel-0:5.14.0-427.70.1.el9_4 | RHSA-2025:8248 | 2025-05-28T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
```
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 6.1.15-1 |
| debian | bullseye | fixed | 5.10.178-1 |
| debian | forky | fixed | 6.1.15-1 |
| debian | sid | fixed | 6.1.15-1 |
| debian | trixie | fixed | 6.1.15-1 |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm |