PT-2023-3562 · Linux+8 · Linux Kernel+8

Syzbot

Publicado

2023-06-20

Atualizado

2024-12-19

CVE-2023-37453

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.4.2

Description An issue in the USB subsystem of the Linux kernel allows for an out-of-bounds read and crash in the read descriptors function in drivers/usb/core/sysfs.c. This can lead to a denial of service. The issue is related to reading beyond the boundaries of an allocated buffer.

Recommendations For Linux kernel versions through 6.4.2, as a temporary workaround, consider disabling the read descriptors function in the USB subsystem until a patch is available. Restrict access to the drivers/usb/core/sysfs.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2024:2394

ALSA-2024:2950

ALSA-2024:3138

ALT-PU-2023-4401

ALT-PU-2023-4482

ALT-PU-2023-4663

ALT-PU-2023-6854

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-27388

BDU:2023-03783

CESA-2024_2950

CESA-2024_3138

CVE-2023-37453

INFSA-2024_2394

INFSA-2024_2950

INFSA-2024_3138

OESA-2023-1797

OESA-2023-1798

OESA-2023-1799

OPENSUSE-SU-2023_3599-1

OPENSUSE-SU-2023_3599-2

OPENSUSE-SU-2023_3600-1

OPENSUSE-SU-2023_3600-2

OPENSUSE-SU-2023_3656-1

OPENSUSE-SU-2023_3682-1

OPENSUSE-SU-2023_3683-1

OPENSUSE-SU-2023_3683-2

OPENSUSE-SU-2023_3704-1

OPENSUSE-SU-2023_3704-2

OPENSUSE-SU-2023_3964-1

OPENSUSE-SU-2023_3969-1

OPENSUSE-SU-2023_3971-1

OPENSUSE-SU-2023_3988-1

OPENSUSE-SU-2023_4057-1

OPENSUSE-SU-2023_4058-1

OPENSUSE-SU-2024_2947-1

RHSA-2024:2394

RHSA-2024:2950

RHSA-2024:3138

RHSA-2024_2394

RHSA-2024_2950

RHSA-2024_3138

RLSA-2024:2950

RLSA-2024:3138

SUSE-SU-2023:3599-1

SUSE-SU-2023:3599-2

SUSE-SU-2023:3600-1

SUSE-SU-2023:3600-2

SUSE-SU-2023:3656-1

SUSE-SU-2023:3682-1

SUSE-SU-2023:3964-1

SUSE-SU-2023:3969-1

SUSE-SU-2023:3971-1

SUSE-SU-2023:3988-1

SUSE-SU-2023:4057-1

SUSE-SU-2023:4058-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2947-1

USN-6415-1

USN-6534-1

USN-6534-2

USN-6534-3

USN-6548-1

USN-6548-2

USN-6548-3

USN-6548-4

USN-6548-5

USN-6549-1

USN-6549-2

USN-6549-3

USN-6549-4

USN-6549-5

USN-6635-1

Produtos afetados

Alt Linux

Almalinux

Centos

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2023-3562 · Linux+8 · Linux Kernel+8

CVE-2023-37453

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1409