CVE-2023-25012: Use After Free in Kernel

CWE-416: Use After Free | 30 documents | 8 sources
Severity
6.8 MEDIUM (NVD)
Other scores: NVD 4.6, OSV 5.5, OSV 4.6
EPSS
0.0%
top 92.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 2
Latest update: Jul 27

Description

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.9 | Impact: 3.6

Affected Packages (19 packages)

Source      Package               Affected range                    
NVD         linux/linux_kernel    < 6.3 (+1 more range)
Debian      linux/linux_kernel    < 5.10.178-1 (+3 more ranges)
Ubuntu      linux/linux_kernel    < 5.4.0-152.169 (+1 more range)
CVEListV5   linux/linux_kernel    unknown
debian      debian/linux          < linux 6.1.20-1 (bookworm)

Vulnerability Details (13 entries)

OSV   linux-iot vulnerabilities                              2023-07-27
OSV   linux-xilinx-zynqmp vulnerabilities                    2023-07-12
OSV   linux-azure-fde vulnerabilities                        2023-07-12
OSV   linux-intel-iotg vulnerabilities                       2023-07-06
OSV   CVE-2023-25012: In bigben_remove of hid-bigbenff       2023-07-01

Vendor Advisories (15 entries)

Ubuntu    Linux kernel (IoT) vulnerabilities                 2023-07-27
Ubuntu    Linux kernel (Azure CVM) vulnerabilities           2023-07-12
Ubuntu    Linux kernel (Xilinx ZynqMP) vulnerabilities       2023-07-12
Ubuntu    Linux kernel (Intel IoTG) vulnerabilities          2023-07-06
Android   CVE-2023-25012: HID                                2023-07-01
CVE-2023-25012 — Use After Free in Linux Kernel | cvebase