CVE-2023-1073

Summary

CVE	CVE-2023-1073
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-27 21:15:00 UTC
Updated	2023-11-05 22:15:00 UTC
Description	A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Linux	Linux Kernel	-	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All

References

Reference	Source	Link	Tags
2173403 – (CVE-2023-1073) CVE-2023-1073 kernel: HID: check empty report_list in hid_validate_values()	MISC	bugzilla.redhat.com
oss-security - Re: Linux Kernel: hid: type confusions on hid report_list entry	MLIST	www.openwall.com
[SECURITY] [DLA 3404-1] linux-5.10 security update	MLIST	lists.debian.org
kernel/git/next/linux-next.git - The linux-next integration testing tree	MISC	git.kernel.org
oss-security - Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()	MLIST	www.openwall.com
[SECURITY] [DLA 3403-1] linux security update	MLIST	lists.debian.org
404 Not Found	MISC	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160525 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12232)
161066 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)
161147 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)
161372 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-12169)
161402 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-0897)
181765 Debian Security Update for linux-5.10 (DLA 3404-1)
181768 Debian Security Update for linux (DLA 3403-1)
182097 Debian Security Update for linux (CVE-2023-1073)
199254 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5978-1)
199292 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6025-1)
199296 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6029-1)
199300 Ubuntu Security Notification for Linux kernel (Qualcomm Snapdragon) Vulnerabilities (USN-6030-1)
199301 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6027-1)
199303 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-6040-1)
199321 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6057-1)
199343 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6079-1)
199353 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6091-1)
199354 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6096-1)
199356 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6093-1)
199385 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6134-1)
199423 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6174-1)
199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
199521 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6235-1)
199539 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6149-1)
199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
242399 Red Hat Update for kernel security (RHSA-2023:6583)
242434 Red Hat Update for kernel-rt security (RHSA-2023:6901)
242451 Red Hat Update for kernel security (RHSA-2023:7077)
242789 Red Hat Update for kernel (RHSA-2024:0575)
242855 Red Hat Update for kernel (RHSA-2024:0412)
242939 Red Hat Update for kernel (RHSA-2024:0897)
242983 Red Hat Update for kernel-rt (RHSA-2024:0881)
357086 Amazon Linux Security Advisory for kernel : ALAS2-2024-2448
357107 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2024-037
378468 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)
378512 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)
378701 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0030)
378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
390276 Oracle VM Server for x86 Security Update for kernel (OVMSA-2023-0007)
672981 EulerOS Security Update for kernel (EulerOS-SA-2023-1848)
673005 EulerOS Security Update for kernel (EulerOS-SA-2023-1873)
673017 EulerOS Security Update for kernel (EulerOS-SA-2023-1978)
673047 EulerOS Security Update for kernel (EulerOS-SA-2023-1956)
673074 EulerOS Security Update for kernel (EulerOS-SA-2023-2193)
673117 EulerOS Security Update for kernel (EulerOS-SA-2023-2152)
673121 EulerOS Security Update for kernel (EulerOS-SA-2023-2296)
673157 EulerOS Security Update for kernel (EulerOS-SA-2023-2272)
941453 AlmaLinux Security Update for kernel (ALSA-2023:7077)
941584 AlmaLinux Security Update for kernel (ALSA-2024:0897)