Description

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74

INFO

Published Date :

2025-05-02T15:55:13.662Z

Last Modified :

2025-05-04T07:48:56.262Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53059 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53059.

URL Resource
https://git.kernel.org/stable/c/13493ad6a220cb3f6f3552a16b4f2753a118b633 cve-icon cve-icon
https://git.kernel.org/stable/c/a0d8644784f73fa39f57f72f374eefaba2bf48a0 cve-icon cve-icon
https://git.kernel.org/stable/c/b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3 cve-icon cve-icon
https://git.kernel.org/stable/c/eab28bfafcd1245a3510df9aa9eb940589956ea6 cve-icon cve-icon
https://git.kernel.org/stable/c/ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4 cve-icon cve-icon
https://git.kernel.org/stable/c/f86ff88a1548ccf5a13960c0e7625ca787ea0993 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050209-CVE-2023-53059-47f3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53059 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53059 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact