{"id":"CVE-2023-53059","summary":"platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74","modified":"2026-04-03T13:14:44.022418Z","published":"2025-05-02T15:55:13.662Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53059.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13493ad6a220cb3f6f3552a16b4f2753a118b633"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0d8644784f73fa39f57f72f374eefaba2bf48a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eab28bfafcd1245a3510df9aa9eb940589956ea6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f86ff88a1548ccf5a13960c0e7625ca787ea0993"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53059.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53059"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"eda2e30c6684d67288edb841c6125d48c608a242"},{"fixed":"13493ad6a220cb3f6f3552a16b4f2753a118b633"},{"fixed":"f86ff88a1548ccf5a13960c0e7625ca787ea0993"},{"fixed":"ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4"},{"fixed":"eab28bfafcd1245a3510df9aa9eb940589956ea6"},{"fixed":"a0d8644784f73fa39f57f72f374eefaba2bf48a0"},{"fixed":"b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53059.json"}}],"schema_version":"1.7.5"}