CVE-2023-52703

net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

Description

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it in the error path, and that the value that would be printed in the second error path would be the value of act_len from the first call to usb_bulk_msg.[1] With this in mind, let's just not pass act_len to the usb_bulk_msg error paths. 1: https://lore.kernel.org/lkml/Y9pY61y1nwTuzMOa@nanopsycho/

3.3
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1b5de7d44890b78519acbcc80d8d1f23ff2872e5
https://git.kernel.org/stable/c/723ef7b66f37c0841f5a451ccbce47ee1641e081
https://git.kernel.org/stable/c/a753352622b4f3c0219e0e9c73114b2848ae6042
https://git.kernel.org/stable/c/525bdcb0838d19d918c7786151ee14661967a030
https://git.kernel.org/stable/c/338f826d3afead6e4df521f7972a4bef04a72efb
https://git.kernel.org/stable/c/02df3170c04a8356cd571ab9155a42f030190abc
https://git.kernel.org/stable/c/c68f345b7c425b38656e1791a0486769a8797016

Frequently Asked Questions

What is the severity of CVE-2023-52703?
CVE-2023-52703 has been scored as a low severity vulnerability.
How to fix CVE-2023-52703?
To fix CVE-2023-52703, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52703 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52703 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52703?
CVE-2023-52703 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.