{
  "threat_severity" : "Low",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: usb-storage: alauda: Fix uninit-value in alauda_check_media()",
    "id" : "2420349",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420349"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\nSyzbot got KMSAN to complain about access to an uninitialized value in\nthe alauda subdriver of usb-storage:\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\ndrivers/usb/storage/alauda.c:1137\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x191/0x1f0 lib/dump_stack.c:113\nkmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\n__msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\nalauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\nThe problem is that alauda_check_media() doesn't verify that its USB\ntransfer succeeded before trying to use the received data.  What\nshould happen if the transfer fails isn't entirely clear, but a\nreasonably conservative approach is to pretend that no media is\npresent.\nA similar problem exists in a usb_stor_dbg() call in\nalauda_get_media_status().  In this case, when an error occurs the\ncall is redundant, because usb_stor_ctrl_transfer() already will print\na debugging message.\nFinally, unrelated to the uninitialized memory access, is the fact\nthat alauda_check_media() performs DMA to a buffer on the stack.\nFortunately usb-storage provides a general purpose DMA-able buffer for\nuses like this.  We'll use it instead.", "An uninitialized value vulnerability was found in the alauda USB storage driver in the Linux kernel. In alauda_check_media(), the function does not verify that USB transfer operations succeeded before using the received data. If a transfer fails, uninitialized memory may be accessed, leading to undefined behavior. Additionally, alauda_check_media() performs DMA to a stack buffer, which is incorrect behavior." ],
  "statement" : "This is an uninitialized memory access vulnerability in the alauda USB storage driver. The impact is limited to systems with Alauda-compatible media devices connected via USB.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:7000",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.22.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53847\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53847\nhttps://lore.kernel.org/linux-cve-announce/2025120959-CVE-2023-53847-1f94@gregkh/T" ],
  "name" : "CVE-2023-53847",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the ums-alauda module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module.",
    "lang" : "en:us"
  },
  "csaw" : false
}