CVE-2023-1079

Summary

CVE	CVE-2023-1079
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-27 21:15:00 UTC
Updated	2023-05-03 14:15:00 UTC
Description	A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3404-1] linux-5.10 security update	MLIST	lists.debian.org
[SECURITY] [DLA 3403-1] linux security update	MLIST	lists.debian.org
kernel/git/next/linux-next.git - The linux-next integration testing tree	MISC	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

161066 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)
161147 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)
181765 Debian Security Update for linux-5.10 (DLA 3404-1)
181768 Debian Security Update for linux (DLA 3403-1)
182606 Debian Security Update for linux (CVE-2023-1079)
199298 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6033-1)
199424 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6172-1)
199425 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6171-1)
199438 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-6187-1)
199439 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6185-1)
199451 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6207-1)
199463 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-6223-1)
199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
200072 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6604-1)
200079 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6604-2)
242399 Red Hat Update for kernel security (RHSA-2023:6583)
242434 Red Hat Update for kernel-rt security (RHSA-2023:6901)
242451 Red Hat Update for kernel security (RHSA-2023:7077)
242789 Red Hat Update for kernel (RHSA-2024:0575)
242855 Red Hat Update for kernel (RHSA-2024:0412)
378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
379435 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2024:0012)
672981 EulerOS Security Update for kernel (EulerOS-SA-2023-1848)
673005 EulerOS Security Update for kernel (EulerOS-SA-2023-1873)
754120 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2611-1)
754145 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2651-1)
754160 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2808-1)
754167 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2822-1)
754168 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2830-1)
755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
906724 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25797-1)
906767 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25798-1)
941453 AlmaLinux Security Update for kernel (ALSA-2023:7077)