CVE-2023-25012 : The Linux kernel through 6.1.9 has a Use-After-Free in bigben

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

Published 2023-02-02 00:15:09

Updated 2024-03-25 01:15:53

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-25012

Linux » Linux Kernel
Versions up to, including, (<=) 6.1.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-25012

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-25012

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.9	3.6	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-25012

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-25012

https://bugzilla.suse.com/show_bug.cgi?id=1207560

1207560 – (CVE-2023-25012) VUL-0: CVE-2023-25012: kernel: hid: Use-After-Free in bigben_set_led()
http://www.openwall.com/lists/oss-security/2023/11/05/1

oss-security - CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs

CVEs referencing this url
https://seclists.org/oss-sec/2023/q1/53

oss-sec: Linux Kernel: hid: Use-After-Free in bigben_set_led()
Exploit;Mailing List;Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76ca8da989c7d97a7f76c75d475fe95a584439d7

HID: bigben: use spinlock to safely schedule workers - kernel/git/torvalds/linux.git - Linux kernel source tree
https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16%40diag.uniroma1.it/

[PATCH 1/5] HID: bigben_remove: manually unregister leds - Pietro Borrello
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

[SECURITY] [DLA 3404-1] linux-5.10 security update

CVEs referencing this url
https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/

[PATCH 1/5] HID: bigben_remove: manually unregister leds - Pietro Borrello
Mailing List;Patch;Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/02/02/1

oss-security - Re: Linux Kernel: hid: Use-After-Free in bigben_set_led()
Exploit;Mailing List;Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d2a2fd844ec7da70d19fabb482304fd1e0595b

HID: bigben_worker() remove unneeded check on report_field - kernel/git/torvalds/linux.git - Linux kernel source tree
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9fefb6201c4f8dd9f58c581b2a66e5cde2895ea2

HID: bigben: use spinlock to protect concurrent accesses - kernel/git/torvalds/linux.git - Linux kernel source tree

Jump to

Vulnerability Details : CVE-2023-25012

Products affected by CVE-2023-25012

Exploit prediction scoring system (EPSS) score for CVE-2023-25012

CVSS scores for CVE-2023-25012

CWE ids for CVE-2023-25012

References for CVE-2023-25012