CVE - CVE-2023-53119

CVE-ID
CVE-2023-53119	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Call Trace: <IRQ> __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Initialize the field with the pn533_usb_phy currently used. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0f9c1f26d434c32520dfe33326b28c5954bc4299 URL:https://git.kernel.org/stable/c/0f9c1f26d434c32520dfe33326b28c5954bc4299 MISC:https://git.kernel.org/stable/c/2703da78849c47b6b5b4471edb35fc7b7f91dead URL:https://git.kernel.org/stable/c/2703da78849c47b6b5b4471edb35fc7b7f91dead MISC:https://git.kernel.org/stable/c/2bd1ed6d607d7013ed4959e86990a04f028543ef URL:https://git.kernel.org/stable/c/2bd1ed6d607d7013ed4959e86990a04f028543ef MISC:https://git.kernel.org/stable/c/2bee84369b76f6c9ef71938069c65a6ebd1a12f7 URL:https://git.kernel.org/stable/c/2bee84369b76f6c9ef71938069c65a6ebd1a12f7 MISC:https://git.kernel.org/stable/c/2cbd4213baf7be5d87d183e2032c54003de0790f URL:https://git.kernel.org/stable/c/2cbd4213baf7be5d87d183e2032c54003de0790f MISC:https://git.kernel.org/stable/c/484b7059796e3bc1cb527caa61dfc60da649b4f6 URL:https://git.kernel.org/stable/c/484b7059796e3bc1cb527caa61dfc60da649b4f6 MISC:https://git.kernel.org/stable/c/4c20a07ed26a71a8ccc9c6d935fc181573f5462e URL:https://git.kernel.org/stable/c/4c20a07ed26a71a8ccc9c6d935fc181573f5462e MISC:https://git.kernel.org/stable/c/a97ef110c491b72c138111a595a3a3af56cbc94c URL:https://git.kernel.org/stable/c/a97ef110c491b72c138111a595a3a3af56cbc94c
Assigning CNA
kernel.org
Date Record Created
20250502	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250502)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)