{"id":"CVE-2023-53015","summary":"HID: betop: check shape of output reports","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: betop: check shape of output reports\n\nbetopff_init() only checks the total sum of the report counts for each\nreport field to be at least 4, but hid_betopff_play() expects 4 report\nfields.\nA device advertising an output report with one field and 4 report counts\nwould pass the check but crash the kernel with a NULL pointer dereference\nin hid_betopff_play().","modified":"2026-04-11T12:46:39.580105Z","published":"2025-03-27T16:43:43.886Z","related":["SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1195-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53015.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/07bc32e53c7bd5c91472cc485231ef6274db9b76"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1a2a47b85cab50a3c146731bfeaf2d860f5344ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/28fc6095da22dc88433d79578ae1c495ebe8ca43"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3782c0d6edf658b71354a64d60aa7a296188fc90"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7317326f685824c7c29bd80841fd18041af6bb73"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3065cc56221d1a5eda237e94eaf2a627b88ab79"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dbab4dba400d6ea9a9697fbbd287adbf7db1dac4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53015.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53015"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"52cd7785f3cdd2724f4efb5b21dbc75d6f9ccef4"},{"fixed":"dbab4dba400d6ea9a9697fbbd287adbf7db1dac4"},{"fixed":"7317326f685824c7c29bd80841fd18041af6bb73"},{"fixed":"d3065cc56221d1a5eda237e94eaf2a627b88ab79"},{"fixed":"28fc6095da22dc88433d79578ae1c495ebe8ca43"},{"fixed":"1a2a47b85cab50a3c146731bfeaf2d860f5344ee"},{"fixed":"07bc32e53c7bd5c91472cc485231ef6274db9b76"},{"fixed":"3782c0d6edf658b71354a64d60aa7a296188fc90"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53015.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.0.0"},{"fixed":"4.14.305"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.272"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.231"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.166"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.91"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53015.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}