Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-4010
HistoryJul 31, 2023 - 12:00 a.m.

CVE-2023-4010

2023-07-3100:00:00
ubuntu.com
ubuntu.com
12
linux kernel
usb host controller driver
denial of service

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

19.5%

JSON

A flaw was found in the USB Host Controller Driver framework in the Linux
kernel. The usb_giveback_urb function has a logic loophole in its
implementation. Due to the inappropriate judgment condition of the goto
statement, the function cannot return under the input of a specific
malformed descriptor file, so it falls into an endless loop, resulting in a
denial of service.

Bugs

Notes

Author Note
Priority reason: Requires physical access to insert a malicious device, and the denial of service is simply log flooding due to a malforrmed response.
sbeattie issue is not clear; the function the reporter mentions does not exist. though there is the similar usb_giveback_urb_bh(). However, as of 6.3.7, which the reporter claims is vulnerable, that function contained no gotos, though it did until 26c6c2f8a907 (“USB: HCD: Fix URB giveback issue in tasklet function”), which landed in v6.0-rc1.
magalilemes This is a USB device using interrupt transfers. So, as soon as a response is received, it submits another URB, waiting for the next “interrupt” to happen. That is totally normal. But as the response is malformed, the imon driver outputs a warning without any throttling. There is no system lockup happening. The imon driver has been issuing those warnings since its inception, so using that as the break commit.

Related

prion 1
cve 1
nvd 1
cvelist 1
redhatcve 1
debiancve 1
redos 1
nessus 2
prion
prion
Design/Logic Flaw
2023-07-31 17:15:00
cve
cve
CVE-2023-4010
2023-07-31 17:15:10
nvd
nvd
CVE-2023-4010
2023-07-31 17:15:10
cvelist
cvelist
CVE-2023-4010 Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb()
2023-07-31 16:22:24
redhatcve
redhatcve
CVE-2023-4010
2023-07-31 08:49:21
debiancve
debiancve
CVE-2023-4010
2023-07-31 17:15:10
redos
redos
ROS-20230904-01
2023-09-04 00:00:00
nessus
nessus
RHEL 6 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

19.5%

JSON
Related for UB:CVE-2023-4010
prion1cve1nvd1cvelist1redhatcve1debiancve1redos1nessus2