CVE-2023-4010

Published: Jul 31, 2023Modified: Nov 21, 2024

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.

Affected (3)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

https://access.redhat.com/security/cve/CVE-2023-4010

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2227726

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/wanrenmi/a-usb-kernel-bug

Source: secalert@redhat.com

Exploit

https://access.redhat.com/security/cve/CVE-2023-4010

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2227726

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/wanrenmi/a-usb-kernel-bug

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.