PT-2023-3562 · Linux+8 · Linux Kernel+8

Syzbot

·

Published

2023-06-20

·

Updated

2024-12-19

·

CVE-2023-37453

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.4.2
Description An issue in the USB subsystem of the Linux kernel allows for an out-of-bounds read and crash in the read descriptors function in drivers/usb/core/sysfs.c. This can lead to a denial of service. The issue is related to reading beyond the boundaries of an allocated buffer.
Recommendations For Linux kernel versions through 6.4.2, as a temporary workaround, consider disabling the read descriptors function in the USB subsystem until a patch is available. Restrict access to the drivers/usb/core/sysfs.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:2394
ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2023-4401
ALT-PU-2023-4482
ALT-PU-2023-4663
ALT-PU-2023-6854
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27388
BDU:2023-03783
CESA-2024_2950
CESA-2024_3138
CVE-2023-37453
INFSA-2024_2394
INFSA-2024_2950
INFSA-2024_3138
OESA-2023-1797
OESA-2023-1798
OESA-2023-1799
OPENSUSE-SU-2023_3599-1
OPENSUSE-SU-2023_3599-2
OPENSUSE-SU-2023_3600-1
OPENSUSE-SU-2023_3600-2
OPENSUSE-SU-2023_3656-1
OPENSUSE-SU-2023_3682-1
OPENSUSE-SU-2023_3683-1
OPENSUSE-SU-2023_3683-2
OPENSUSE-SU-2023_3704-1
OPENSUSE-SU-2023_3704-2
OPENSUSE-SU-2023_3964-1
OPENSUSE-SU-2023_3969-1
OPENSUSE-SU-2023_3971-1
OPENSUSE-SU-2023_3988-1
OPENSUSE-SU-2023_4057-1
OPENSUSE-SU-2023_4058-1
OPENSUSE-SU-2024_2947-1
RHSA-2024:2394
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2023:3599-1
SUSE-SU-2023:3599-2
SUSE-SU-2023:3600-1
SUSE-SU-2023:3600-2
SUSE-SU-2023:3656-1
SUSE-SU-2023:3682-1
SUSE-SU-2023:3964-1
SUSE-SU-2023:3969-1
SUSE-SU-2023:3971-1
SUSE-SU-2023:3988-1
SUSE-SU-2023:4057-1
SUSE-SU-2023:4058-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2947-1
USN-6415-1
USN-6534-1
USN-6534-2
USN-6534-3
USN-6548-1
USN-6548-2
USN-6548-3
USN-6548-4
USN-6548-5
USN-6549-1
USN-6549-2
USN-6549-3
USN-6549-4
USN-6549-5
USN-6635-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu