CVE-2023-1079

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1079

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1079.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1079

Downstream

DEBIAN-CVE-2023-1079

DLA-3403-1

DLA-3404-1

OESA-2023-1180

OESA-2023-1187

OESA-2023-1188

OESA-2023-1197

RHSA-2023:6583

RHSA-2023:6901

RHSA-2023:7077

RHSA-2024:0412

RHSA-2024:0575

SUSE-SU-2023:2500-1

SUSE-SU-2023:2502-1

SUSE-SU-2023:2611-1

SUSE-SU-2023:2646-1

SUSE-SU-2023:2651-1

SUSE-SU-2023:2653-1

SUSE-SU-2023:2782-1

SUSE-SU-2023:2804-1

SUSE-SU-2023:2808-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2822-1

SUSE-SU-2023:2830-1

SUSE-SU-2023:2871-1

UBUNTU-CVE-2023-1079

USN-6033-1

USN-6171-1

USN-6172-1

USN-6185-1

USN-6207-1

USN-6222-1

USN-6223-1

USN-6256-1

USN-6604-1

USN-6604-2

Related

Published

2023-03-27T21:15:10Z

Modified

2025-08-09T20:01:27Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the Linux kernel. A use-after-free may be triggered in asuskbdbacklightset when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the workstruct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asuskbdleds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.

References

Affected packages