Bug 2401552 (CVE-2023-53553) - CVE-2023-53553 kernel: HID: hyperv: avoid struct memcpy overrun warning
Summary: CVE-2023-53553 kernel: HID: hyperv: avoid struct memcpy overrun warning
Keywords:
Status: NEW
Alias: CVE-2023-53553
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-04 16:07 UTC by OSIDB Bzimport
Modified: 2025-11-04 00:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-04 16:07:02 UTC 
In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: avoid struct memcpy overrun warning

A previous patch addressed the fortified memcpy warning for most
builds, but I still see this one with gcc-9:

In file included from include/linux/string.h:254,
                 from drivers/hid/hid-hyperv.c:8:
In function 'fortify_memcpy_chk',
    inlined from 'mousevsc_on_receive' at drivers/hid/hid-hyperv.c:272:3:
include/linux/fortify-string.h:583:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
  583 |    __write_overflow_field(p_size_field, size);
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My guess is that the WARN_ON() itself is what confuses gcc, so it no
longer sees that there is a correct range check. Rework the code in a
way that helps readability and avoids the warning.
Comment 1 Alexander B 2025-10-06 12:21:28 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100448-CVE-2023-53553-f661@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.