CVE-2023-37453

Published: 20 Jun 2023
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

An out-of-bounds read issue was found in the USB subsystem in the Linux kernel. This flaw allows a malicious user to crash the system, resulting in a denial of service condition.

Report

Red Hat Enterprise Linux minor releases prior to 8.9.0 and 9.3.0 are not affected by this CVE as they did not include the upstream commit that introduced this flaw: https://github.com/torvalds/linux/commit/45bf39f8df7f.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:2950 | 22.05.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:3138 | 22.05.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:2394 | 30.04.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:2394 | 30.04.2024 |


Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2221039 kernel: usb: out-of-bounds read in read_descriptors

EPSS: 0.00013 (Low), percentile: 1%

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 4.6
ubuntu
about 2 years ago

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

CVSS3: 4.6
nvd
about 2 years ago

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

CVSS3: 4.6
debian
about 2 years ago

An issue was discovered in the USB subsystem in the Linux kernel throu ...

CVSS3: 4.6
github
about 2 years ago

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

CVSS3: 4.6
fstec
about 2 years ago

A vulnerability in the read_descriptors() function in the drivers/usb/core/sysfs.c module of the USB driver of the Linux kernel that allows an attacker to cause a denial of service
