Privilege escalation in Linux kernel HID subsystem
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-1073 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU74123
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1073
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://www.openwall.com/lists/osssecurity/2023/01/17/3
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456
https://bugzilla.redhat.com/show_bug.cgi?id=2173403
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
