Vulnerability Description
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | - |
| Redhat | Enterprise Linux | 7.0 |
| Fedoraproject | Fedora | 37 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/11/05/2
- http://www.openwall.com/lists/oss-security/2023/11/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2173403Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b1Mailing ListPatch
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://www.openwall.com/lists/osssecurity/2023/01/17/3Broken Link
- http://www.openwall.com/lists/oss-security/2023/11/05/2
- http://www.openwall.com/lists/oss-security/2023/11/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2173403Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b1Mailing ListPatch
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://www.openwall.com/lists/osssecurity/2023/01/17/3Broken Link
FAQ
What is CVE-2023-1073?
CVE-2023-1073 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially esca...
How severe is CVE-2023-1073?
CVE-2023-1073 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1073?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Fedoraproject Fedora.