CVSS3 | 4.6 Medium |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2 | 2.1 Low |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS | 0.001 Low |
---|---|
Percentile | 28.4% |

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in
drivers/hid/hid-bigbenff.c via a crafted USB device because the LED
controllers remain registered for too long.
Author | Note |
---|---|
sbeattie | requires the removal of the device to exploit, usually implying physical access. upstream submission claims the issue was introduced in 4eb1b01de5b9 (“HID: hid-bigbenff: fix race condition for scheduled work during removal”), which may also have a security impact. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-152.169 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-75.82 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-45.46 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1104.112 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1038.43 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1027.28 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1003.3 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.2.0-1003.3 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1038.43~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |

launchpad.net/bugs/cve/CVE-2023-25012
lore.kernel.org/all/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2023-25012
seclists.org/oss-sec/2023/q1/53
security-tracker.debian.org/tracker/CVE-2023-25012
ubuntu.com/security/notices/USN-6033-1
ubuntu.com/security/notices/USN-6171-1
ubuntu.com/security/notices/USN-6172-1
ubuntu.com/security/notices/USN-6185-1
ubuntu.com/security/notices/USN-6187-1
ubuntu.com/security/notices/USN-6207-1
ubuntu.com/security/notices/USN-6222-1
ubuntu.com/security/notices/USN-6223-1
ubuntu.com/security/notices/USN-6256-1
www.cve.org/CVERecord?id=CVE-2023-25012