PT-2023-1004 · Linux+5 · Linux Kernel+5

Pietro Borrello

Published

2023-01-31

Updated

2024-04-15

CVE-2023-25012

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.1.9

Description The issue is related to a Use-After-Free in the bigben remove function in drivers/hid/hid-bigbenff.c. This can be exploited via a crafted USB device, potentially leading to a denial of service or local escalation of privilege. The exploitation does not require additional execution privileges or user interaction. The vulnerability is caused by the LED controllers remaining registered for too long.

Recommendations For Linux kernel versions through 6.1.9, consider disabling the bigben remove function in drivers/hid/hid-bigbenff.c as a temporary workaround to minimize the risk of exploitation. Restrict access to the hid-bigbenff driver to prevent the use of crafted USB devices.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-1194

ALT-PU-2023-1267

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

ALT-PU-2024-4263

ALT-PU-2024-4843

ASB-A-268589017

AZL-13291

AZL-26405

AZL-34804

BDU:2023-00747

CVE-2023-25012

DLA-3404-1

MGASA-2023-0148

MGASA-2023-0149

OPENSUSE-SU-2023_2646-1

OPENSUSE-SU-2023_2871-1

SUSE-SU-2023:0749-1

SUSE-SU-2023:0749-2

SUSE-SU-2023:0779-1

SUSE-SU-2023:1608-1

SUSE-SU-2023:1609-1

SUSE-SU-2023:1710-1

SUSE-SU-2023:1800-1

SUSE-SU-2023:1811-1

SUSE-SU-2023:2646-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2871-1

USN-6033-1

USN-6171-1

USN-6172-1

USN-6185-1

USN-6187-1

USN-6207-1

USN-6222-1

USN-6223-1

USN-6256-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2023-1004 · Linux+5 · Linux Kernel+5

CVE-2023-25012

Weakness Enumeration

Related Identifiers

Affected Products

References · 743