4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.3%
An issue was discovered in the USB subsystem in the Linux kernel through
6.4.2. There is an out-of-bounds and crash in read_descriptors in
drivers/usb/core/sysfs.c.
Author | Note |
---|---|
seth-arnold | In the lkml thread there’s discussion of other data structures that might have the same problem, it would be worth looking through later commits to see if those were addressed or not. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-169.187 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-91.101 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-39.40 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1116.126 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1051.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1017.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1051.56~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1116.126~18.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1017.17~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1121.128 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-37453
lore.kernel.org/all/[email protected]/T/
lore.kernel.org/all/[email protected]/T/
nvd.nist.gov/vuln/detail/CVE-2023-37453
security-tracker.debian.org/tracker/CVE-2023-37453
syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6548-1
ubuntu.com/security/notices/USN-6548-2
ubuntu.com/security/notices/USN-6548-3
ubuntu.com/security/notices/USN-6548-4
ubuntu.com/security/notices/USN-6548-5
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
ubuntu.com/security/notices/USN-6635-1
www.cve.org/CVERecord?id=CVE-2023-37453