PT-2023-1661 · Linux+8 · Linux Kernel+8
Pietro Borrello
·
Published
2023-02-12
·
Updated
2024-11-21
·
CVE-2023-1079
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw in the Linux kernel may trigger a use-after-free when a malicious USB device, advertising itself as an Asus device, is plugged in or disconnected. This issue is related to the asus kbd backlight set function and the struct asus kbd leds *led structure. A malicious USB device may exploit this issue to cause memory corruption with controlled data. The vulnerability is associated with a use-after-free in the asus kbd backlight set function of the ASUS USB keyboard driver, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu