Vulnerabilities > CVE-2023-1073 - Out-of-bounds Write vulnerability in multiple products

CVSS 6.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

NVD

Published: 2023-03-27

Updated: 2023-11-05

Summary

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel -	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3
OS	Fedoraproject Fedoraproject Fedora 37	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.openwall.com/lists/osssecurity/2023/01/17/3
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456
https://bugzilla.redhat.com/show_bug.cgi?id=2173403
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
http://www.openwall.com/lists/oss-security/2023/11/05/3
http://www.openwall.com/lists/oss-security/2023/11/05/2