Security Vulnerability Report
CVE-2023-53553 CVSS 5.5 MEDIUM

CVE-2023-53553

Published: 2025-10-04 16:15:51
Last Modified: 2026-03-23 18:40:56
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: avoid struct memcpy overrun warning

A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9:

    In file included from include/linux/string.h:254,
                     from drivers/hid/hid-hyperv.c:8:
    In function 'fortify_memcpy_chk',
        inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3:
    include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
      583 |    __write_overflow_field(p_size_field, size);
          |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My guess is that the WARN_ON() itself is what confuses gcc, so it no longer sees that there is a correct range check. Rework the code in a way that helps readability and avoids the warning.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (versions from 6.2 up to, but excluding, 6.4.5) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:* - VULNERABLE
Linux kernel < 5f151364b1da6bd217632fd4ee8cc24eaf66a497
Linux kernel < a7902cc5f5b9c95997017c8e309da760fb1deb6e
Linux kernel versions compiled with gcc-9 (with CONFIG_FORTIFY_SOURCE enabled)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// PoC for CVE-2023-53553 - Linux Kernel HID hyperv memcpy overrun
// This vulnerability is triggered during compilation with gcc-9 when
// CONFIG_FORTIFY_SOURCE is enabled, causing a compile-time error.

// The vulnerable code is in drivers/hid/hid-hyperv.c, mousevsc_on_receive():
/*
static void mousevsc_on_receive(struct hv_device *device,
                                struct vmpacket_descriptor *packet)
{
    // ...
    struct mousevsc_prt_in_report report;
    // ...
    if (WARN_ON(size > sizeof(report))) { // This WARN_ON confuses gcc-9
        // ...
    }
    memcpy(&report, pkt, size); // Line 272 - triggers fortify warning
    // ...
}
*/

// To reproduce the compile-time warning:
// 1. Use gcc-9 compiler
// 2. Enable CONFIG_FORTIFY_SOURCE=y
// 3. Compile drivers/hid/hid-hyperv.c
// Result: error: call to '__write_overflow_field' declared with attribute warning

// Runtime trigger (requires Hyper-V environment):
// 1. Run Linux as guest on Hyper-V
// 2. Connect a synthetic mouse device
// 3. Send specially crafted input report exceeding expected size
// This may cause kernel panic or memory corruption

#include <linux/module.h>
#include <linux/kernel.h>

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CVE-2023-53553 PoC - HID hyperv memcpy overrun");

/* Informational only: the module logs a notice on load and on unload. */
static int __init cve_2023_53553_init(void)
{
	pr_info("CVE-2023-53553: HID hyperv driver memcpy overrun vulnerability\n");
	pr_info("Affected: Linux kernel with gcc-9 and CONFIG_FORTIFY_SOURCE\n");
	pr_info("Fix: Apply kernel patch from stable tree\n");
	return 0;
}

static void __exit cve_2023_53553_exit(void)
{
	pr_info("CVE-2023-53553 module unloaded\n");
}

module_init(cve_2023_53553_init);
module_exit(cve_2023_53553_exit);

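References

https://git.kernel.org/stable/c/5f151364b1da6bd217632fd4ee8cc24eaf66a497 (Patch)
https://git.kernel.org/stable/c/a7902cc5f5b9c95997017c8e309da760fb1deb6e (Patch)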

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53553", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:50.590", "lastModified": "2026-03-23T18:40:55.583", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function 'fortify_memcpy_chk',\n inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.4.5", "matchCriteriaId": "923F6AEA-C2EF-4B08-B038-69A18F3D41F8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5f151364b1da6bd217632fd4ee8cc24eaf66a497", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a7902cc5f5b9c95997017c8e309da760fb1deb6e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}