CVE-2023-37453

2023-07-0600:00:00

ubuntu.com

usb subsystem

linux kernel

out-of-bounds

crash

read_descriptors

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.3%

JSON

An issue was discovered in the USB subsystem in the Linux kernel through
6.4.2. There is an out-of-bounds and crash in read_descriptors in
drivers/usb/core/sysfs.c.

Bugs

Notes

Author	Note
seth-arnold	In the lkml thread there’s discussion of other data structures that might have the same problem, it would be worth looking through later commits to see if those were addressed or not.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-169.187UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-91.101UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-39.40UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1116.126UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1051.56UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1017.17UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1051.56~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1116.126~18.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1017.17~22.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1121.128UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-169.187	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-91.101	UNKNOWN
ubuntu	23.04	noarch	linux	< 6.2.0-39.40	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1116.126	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1051.56	UNKNOWN
ubuntu	23.04	noarch	linux-aws	< 6.2.0-1017.17	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1051.56~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1116.126~18.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.2	< 6.2.0-1017.17~22.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1121.128	UNKNOWN