Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-37453
HistoryJul 06, 2023 - 12:00 a.m.

CVE-2023-37453

2023-07-0600:00:00
ubuntu.com
ubuntu.com
12
usb subsystem
linux kernel
out-of-bounds
crash
read_descriptors

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.1%

An issue was discovered in the USB subsystem in the Linux kernel through
6.4.2. There is an out-of-bounds and crash in read_descriptors in
drivers/usb/core/sysfs.c.

Bugs

Notes

Author Note
seth-arnold In the lkml thread there’s discussion of other data structures that might have the same problem, it would be worth looking through later commits to see if those were addressed or not.
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-169.187UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-91.101UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-39.40UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1116.126UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1051.56UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1017.17UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1051.56~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1116.126~18.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1017.17~22.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1121.128UNKNOWN
Rows per page:
1-10 of 651

References

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.1%