Metric | Value |
---|---|
CVSS3 | 4.6 Medium |
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector string | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Score | 6.3 Medium |
Confidence | High |
EPSS | 0.0005 Low |
Percentile | 17.3% |

This affects the BMC’s physical USB ports.
CVEID: CVE-2023-37453
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a specially crafted USB device, a physical attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259996 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
OPENBMC | FW1050.00 - FW1050.10 |
Customers with the products below should install FW1050.11(1050_070) or newer to remediate this vulnerability.
Power 10
Prevent physical access to the BMC’s USB ports.