CVE-2023-53847
Description
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Fix uninit-value in alauda_check_media()
Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage:
BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0 drivers/usb/storage/alauda.c:1137
CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
 alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460
The problem is that alauda_check_media() doesn't verify that its USB transfer succeeded before trying to use the received data. What should happen if the transfer fails isn't entirely clear, but a reasonably conservative approach is to pretend that no media is present.
A similar problem exists in a usb_stor_dbg() call in alauda_get_media_status(). In this case, when an error occurs the call is redundant, because usb_stor_ctrl_transfer() already will print a debugging message.
Finally, unrelated to the uninitialized memory access, is the fact that alauda_check_media() performs DMA to a buffer on the stack. Fortunately usb-storage provides a general purpose DMA-able buffer for uses like this. We'll use it instead.
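The unchecked-transfer pattern described above, next to the conservative "no media" handling, as an added user-space example that is not the kernel patch or the driver's own code. The function names, the status bit and the 0xFF stale-byte fill are assumptions made for this model.

```c
/* Added illustration: user-space model, not kernel code; all names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum { XFER_GOOD = 0, XFER_ERROR = -1 };
enum { NO_MEDIA = 0, HAVE_MEDIA = 1 };
#define STATUS_INSERTED 0x10   /* assumed bit layout, for this model only */

/* Mock status transfer. dev_status < 0 models a failed transfer: the device
 * sent nothing, so buf keeps whatever bytes it held before the call. */
static int mock_get_status(int dev_status, unsigned char *buf)
{
    if (dev_status < 0)
        return XFER_ERROR;
    buf[0] = (unsigned char)dev_status;
    buf[1] = 0;
    return XFER_GOOD;
}

/* Before: the transfer result is dropped and buf is parsed regardless. */
static int check_media_unchecked(int dev_status, unsigned char *buf)
{
    (void)mock_get_status(dev_status, buf);
    return (buf[0] & STATUS_INSERTED) ? HAVE_MEDIA : NO_MEDIA;
}

/* After: a failed transfer is reported as "no media" and buf is never read. */
static int check_media_checked(int dev_status, unsigned char *buf)
{
    if (mock_get_status(dev_status, buf) != XFER_GOOD)
        return NO_MEDIA;
    return (buf[0] & STATUS_INSERTED) ? HAVE_MEDIA : NO_MEDIA;
}

/* Run one variant on a buffer pre-filled with constructed stale bytes (0xFF),
 * a deterministic stand-in for uninitialized memory. */
static int run_with_stale_buffer(int checked, int dev_status)
{
    unsigned char buf[2];
    memset(buf, 0xFF, sizeof(buf));
    return checked ? check_media_checked(dev_status, buf)
                   : check_media_unchecked(dev_status, buf);
}

int main(void)
{
    printf("failed transfer, unchecked: %d\n", run_with_stale_buffer(0, -1));
    printf("failed transfer, checked:   %d\n", run_with_stale_buffer(1, -1));
    return 0;
}
```

On a failed transfer the unchecked variant's answer is decided entirely by the stale bytes, which is the condition KMSAN flags in the trace above.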
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Uninitialized memory access in Linux kernel's usb-storage alauda driver can lead to information disclosure.
In the Linux kernel's usb-storage subsystem, the alauda subdriver contains an uninitialized value bug in the alauda_check_media() function. The function performs USB transfers but does not verify their success before processing received data, resulting in access to uninitialized memory. This was reported by syzbot as a KMSAN uninit-value warning [1].
Exploitation requires an attacker to connect a malicious USB device that triggers the vulnerable code path. No authentication is needed, and the attacker must have physical access to the system. The debugging print in alauda_get_media_status() also suffers from a similar issue, where an error in a USB transfer leads to redundant or potentially unsafe data use [1].
The impact of successful exploitation is information disclosure through reading uninitialized kernel memory, potentially leaking sensitive data. The severity is limited by the need for physical access, but the bug could expose kernel memory contents to an attacker [1].
Mitigation is provided by kernel commits that add proper error checks for USB transfers and replace stack-allocated DMA buffers with a driver-provided DMA-able buffer. The fix is included in stable kernel updates via commits [1], [2], and [3]. Users should apply these patches or update to a kernel version containing them.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 8
153c3e85873c, 49d380bcd6cb, 044f4446e06b, fe7c3a445d22, 7a11d1e2625b, 0d2d5282d39a, 373e0ab8c4c5, a6ff6e7a9dd6
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 8
- git.kernel.org/stable/c/044f4446e06bb03c52216697b14867ebc555ad3b (nvd)
- git.kernel.org/stable/c/0d2d5282d39aed6f27dfe1ed60a5f3934ebd21cd (nvd)
- git.kernel.org/stable/c/153c3e85873cc3e2f387169783c3a227bad9a95a (nvd)
- git.kernel.org/stable/c/373e0ab8c4c516561493f1acf367c7ee7dc053c2 (nvd)
- git.kernel.org/stable/c/49d380bcd6cba987c6085fae6464c9c087e8d9a0 (nvd)
- git.kernel.org/stable/c/7a11d1e2625bdb2346f6586773b20b20977278ac (nvd)
- git.kernel.org/stable/c/a6ff6e7a9dd69364547751db0f626a10a6d628d2 (nvd)
- git.kernel.org/stable/c/fe7c3a445d22783d27fe8bd0521a8aab1eb9da65 (nvd)