Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2024-2448
HistoryFeb 01, 2024 - 7:57 p.m.

Medium: kernel

2024-02-0119:57:00
alas.aws.amazon.com
6
linux kernel
memory corruption
hid subsystem
usb device
cve-2023-1073
yum update

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Issue Overview:

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.305-227.531.amzn2.aarch64  
    kernel-headers-4.14.305-227.531.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.305-227.531.amzn2.aarch64  
    perf-4.14.305-227.531.amzn2.aarch64  
    perf-debuginfo-4.14.305-227.531.amzn2.aarch64  
    python-perf-4.14.305-227.531.amzn2.aarch64  
    python-perf-debuginfo-4.14.305-227.531.amzn2.aarch64  
    kernel-tools-4.14.305-227.531.amzn2.aarch64  
    kernel-tools-devel-4.14.305-227.531.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.305-227.531.amzn2.aarch64  
    kernel-devel-4.14.305-227.531.amzn2.aarch64  
    kernel-debuginfo-4.14.305-227.531.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.305-227.531.amzn2.i686  
  
src:  
    kernel-4.14.305-227.531.amzn2.src  
  
x86_64:  
    kernel-4.14.305-227.531.amzn2.x86_64  
    kernel-headers-4.14.305-227.531.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.305-227.531.amzn2.x86_64  
    perf-4.14.305-227.531.amzn2.x86_64  
    perf-debuginfo-4.14.305-227.531.amzn2.x86_64  
    python-perf-4.14.305-227.531.amzn2.x86_64  
    python-perf-debuginfo-4.14.305-227.531.amzn2.x86_64  
    kernel-tools-4.14.305-227.531.amzn2.x86_64  
    kernel-tools-devel-4.14.305-227.531.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.305-227.531.amzn2.x86_64  
    kernel-devel-4.14.305-227.531.amzn2.x86_64  
    kernel-debuginfo-4.14.305-227.531.amzn2.x86_64  
    kernel-livepatch-4.14.305-227.531-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2023-1073

Mitre: CVE-2023-1073

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64kernel< 4.14.305-227.531.amzn2kernel-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-headers< 4.14.305-227.531.amzn2kernel-headers-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-debuginfo-common-aarch64< 4.14.305-227.531.amzn2kernel-debuginfo-common-aarch64-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64perf< 4.14.305-227.531.amzn2perf-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64perf-debuginfo< 4.14.305-227.531.amzn2perf-debuginfo-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64python-perf< 4.14.305-227.531.amzn2python-perf-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64python-perf-debuginfo< 4.14.305-227.531.amzn2python-perf-debuginfo-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools< 4.14.305-227.531.amzn2kernel-tools-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools-devel< 4.14.305-227.531.amzn2kernel-tools-devel-4.14.305-227.531.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools-debuginfo< 4.14.305-227.531.amzn2kernel-tools-debuginfo-4.14.305-227.531.amzn2.aarch64.rpm
Rows per page:
1-10 of 261

Related

nvd 1
debiancve 1
cvelist 1
cve 1
prion 1
nessus 56
redhatcve 1
ubuntucve 1
osv 20
openvas 37
ubuntu 17
oraclelinux 5
amazon 1
ibm 5
mageia 2
photon 2
almalinux 2
redhat 13
debian 2
ics 1
nvd
nvd
CVE-2023-1073
2023-03-27 21:15:10
debiancve
debiancve
CVE-2023-1073
2023-03-27 21:15:10
cvelist
cvelist
CVE-2023-1073
2023-03-27 00:00:00
cve
cve
CVE-2023-1073
2023-03-27 21:15:10
prion
prion
Memory corruption
2023-03-27 21:15:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2024-2448)
2024-02-06 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-027)
2023-03-22 00:00:00
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6174-1)
2023-10-20 00:00:00
redhatcve
redhatcve
CVE-2023-1073
2023-02-27 18:29:55
ubuntucve
ubuntucve
CVE-2023-1073
2023-02-28 00:00:00
osv
osv
linux-oem-5.17 vulnerabilities
2023-06-16 19:59:59
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
2023-04-19 14:06:38
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
2023-06-08 14:43:55
openvas
openvas
Ubuntu: Security Advisory (USN-6174-1)
2023-06-19 00:00:00
Ubuntu: Security Advisory (USN-6029-1)
2023-04-20 00:00:00
Ubuntu: Security Advisory (USN-6149-1)
2023-06-09 00:00:00
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-06-16 00:00:00
Linux kernel vulnerabilities
2023-04-19 00:00:00
Linux kernel vulnerabilities
2023-06-08 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-04-04 00:00:00
kernel security update
2024-02-22 00:00:00
kernel security update
2024-03-06 00:00:00
amazon
amazon
Important: kernel
2023-03-17 15:53:00
ibm
ibm
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System
2024-04-04 11:02:32
Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus
2024-01-31 12:00:02
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
2024-01-12 16:32:54
mageia
mageia
Updated kernel packages fix security vulnerabilities
2023-03-11 22:00:39
Updated kernel-linus packages fix security vulnerabilities
2023-03-11 22:00:39
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0370
2023-04-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0538
2023-02-26 00:00:00
almalinux
almalinux
Important: kernel security update
2024-02-20 00:00:00
Important: kernel security, bug fix, and enhancement update
2023-11-14 00:00:00
redhat
redhat
(RHSA-2024:0881) Important: kernel-rt security update
2024-02-20 11:21:04
(RHSA-2024:0897) Important: kernel security update
2024-02-20 11:21:31
(RHSA-2024:0575) Important: kernel security and bug fix update
2024-01-30 12:53:19
debian
debian
[SECURITY] [DLA 3404-1] linux-5.10 security update
2023-05-02 22:45:59
[SECURITY] [DLA 3403-1] linux security update
2023-05-03 12:01:28
ics
ics
Siemens SIMATIC S7-1500 TM MFP BIOS
2023-06-15 12:00:00

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for ALAS-2024-2448
nvd1debiancve1cvelist1cve1prion1nessus56redhatcve1ubuntucve1osv20openvas37ubuntu17oraclelinux5amazon1ibm5mageia2photon2almalinux2redhat13debian2ics1