An issue was discovered in the USB subsystem in the Linux kernel through
6.4.2. There is an out-of-bounds and crash in read_descriptors in
drivers/usb/core/sysfs.c.
Author | Note |
---|---|
seth-arnold | In the lkml thread there’s discussion of other data structures that might have the same problem, it would be worth looking through later commits to see if those were addressed or not. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | <Â 5.4.0-169.187 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | <Â 5.15.0-91.101 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | <Â 6.2.0-39.40 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | <Â 6.5.0-6.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | <Â any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | <Â 5.4.0-1116.126 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | <Â 5.15.0-1051.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | <Â 6.2.0-1017.17 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | <Â 6.5.0-1006.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | <Â any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-37453
lore.kernel.org/all/[email protected]/T/
lore.kernel.org/all/[email protected]/T/
nvd.nist.gov/vuln/detail/CVE-2023-37453
security-tracker.debian.org/tracker/CVE-2023-37453
syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6548-1
ubuntu.com/security/notices/USN-6548-2
ubuntu.com/security/notices/USN-6548-3
ubuntu.com/security/notices/USN-6548-4
ubuntu.com/security/notices/USN-6548-5
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
ubuntu.com/security/notices/USN-6635-1
www.cve.org/CVERecord?id=CVE-2023-37453