{"id":"CVE-2023-53062","summary":"net: usb: smsc95xx: Limit packet length to skb-\u003elen","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.","modified":"2026-04-11T12:46:40.502493Z","published":"2025-05-02T15:55:16.211Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53062.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/33d1603a38e05886c538129ddfe00bd52d347e7b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70eb25c6a6cde149affe8a587371a3a8ad295ba0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/733580e268a53db1cd01f2251419da91866378f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba6c40227108f8ee428e42eb0337b48ed3001e65"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3c145a4d24b752c9a1314d5a595014d51471418"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e041bef1adee02999cf24f9a2e15ed452bc363fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f2111c791d885211714db85f9a06188571c57dd0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff821092cf02a70c2bccd2d19269f01e29aa52cf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53062.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53062"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2f7ca802bdae2ca41022618391c70c2876d92190"},{"fixed":"733580e268a53db1cd01f2251419da91866378f6"},{"fixed":"d3c145a4d24b752c9a1314d5a595014d51471418"},{"fixed":"f2111c791d885211714db85f9a06188571c57dd0"},{"fixed":"33d1603a38e05886c538129ddfe00bd52d347e7b"},{"fixed":"ba6c40227108f8ee428e42eb0337b48ed3001e65"},{"fixed":"e041bef1adee02999cf24f9a2e15ed452bc363fe"},{"fixed":"70eb25c6a6cde149affe8a587371a3a8ad295ba0"},{"fixed":"ff821092cf02a70c2bccd2d19269f01e29aa52cf"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53062.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.28"},{"fixed":"4.14.312"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.280"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.240"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.177"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.105"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53062.json"}}],"schema_version":"1.7.5"}