CVE-2023-53015

HID: betop: check shape of output reports

Description

In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertising an output report with one field and 4 report counts would pass the check but crash the kernel with a NULL pointer dereference in hid_betopff_play().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/dbab4dba400d6ea9a9697fbbd287adbf7db1dac4 patch
https://git.kernel.org/stable/c/7317326f685824c7c29bd80841fd18041af6bb73 patch
https://git.kernel.org/stable/c/d3065cc56221d1a5eda237e94eaf2a627b88ab79 patch
https://git.kernel.org/stable/c/28fc6095da22dc88433d79578ae1c495ebe8ca43 patch
https://git.kernel.org/stable/c/1a2a47b85cab50a3c146731bfeaf2d860f5344ee patch
https://git.kernel.org/stable/c/07bc32e53c7bd5c91472cc485231ef6274db9b76 patch
https://git.kernel.org/stable/c/3782c0d6edf658b71354a64d60aa7a296188fc90 patch

Frequently Asked Questions

What is the severity of CVE-2023-53015?
CVE-2023-53015 has been scored as a medium severity vulnerability.
How to fix CVE-2023-53015?
To fix CVE-2023-53015, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53015 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53015 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53015?
CVE-2023-53015 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.