CVE-2023-1073
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's HID subsystem allows local attackers to crash the system or potentially escalate privileges by inserting a malicious USB device. This affects Linux systems with vulnerable kernel versions. Attackers need physical or local USB access to exploit this flaw.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, complete system compromise, or kernel panic causing system crash.
Likely Case
Kernel crash/panic leading to denial of service and system reboot requirement.
If Mitigated
Limited to denial of service if privilege escalation fails or system has additional security controls.
🎯 Exploit Status
Exploit requires physical USB device insertion or USB emulation capabilities. Proof-of-concept code exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by distribution. Check specific vendor advisories for patched kernel versions.
Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2173403
Restart Required: Yes
Instructions:
1. Check your Linux distribution's security advisories.
2. Update kernel packages via package manager (e.g., 'apt update && apt upgrade' for Debian/Ubuntu, 'yum update' for RHEL/CentOS).
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
USB Device Restriction
Restrict USB device usage through udev rules or physical port disabling.
Create udev rule (xxxx and yyyy are placeholders for the vendor and product IDs to restrict): echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="xxxx", ATTR{idProduct}=="yyyy", MODE="0000"' > /etc/udev/rules.d/99-usb-restrict.rules
Reload udev: udevadm control --reload-rules && udevadm trigger
Kernel Module Blacklisting
Blacklist specific HID drivers if not needed.
echo 'blacklist hid-generic' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u (for Debian/Ubuntu) or dracut --force (for RHEL/CentOS)
🧯 If You Can't Patch
- Implement strict physical security controls to prevent unauthorized USB device connections.
- Use mandatory access control systems (SELinux/AppArmor) to limit kernel module loading and device access.
🔍 How to Verify
Check if Vulnerable:
Check kernel version against vendor advisories: uname -r and compare with patched versions in distribution security notices.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update: uname -r should match patched version from vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- USB device insertion logs with suspicious vendor/product IDs
- System crash/reboot events without clear cause
Network Indicators:
- Not applicable - local exploitation only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="hid"
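The log indicators above can be combined into one check: a kernel fault whose trace mentions a HID symbol or module, occurring shortly after a USB device was enumerated. The following Python example is added here and is not part of the original advisory; the sample log is constructed, and the 5-second window, the 1-second trace span and the function name are assumptions.

```python
import re

# Constructed dmesg-style sample; IDs, symbols and module names are illustrative only.
SAMPLE_LOG = """\
[  101.350000] usb 1-2: New USB device found, idVendor=0001, idProduct=0002, bcdDevice= 1.00
[  101.360000] input: Example Keyboard as /devices/example/input/input7
[  845.240000] usb 1-3: New USB device found, idVendor=0003, idProduct=0004, bcdDevice= 0.01
[  845.310000] general protection fault, probably for non-canonical address 0x1: 0000 [#1] SMP
[  845.310500] RIP: 0010:hid_example_probe+0x4c/0x120 [hid_example]
[ 2000.000000] Oops: 0002 [#2] SMP
[ 2000.000400] RIP: 0010:ext4_example+0x10/0x40
"""

TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
USB_NEW = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
FAULT = re.compile(r"Kernel panic|Oops|general protection fault")
HID_FRAME = re.compile(r"\b(?:usb)?hid")  # symbol or module name starting with hid/usbhid

WINDOW = 5.0      # assumed: max seconds from enumeration to fault to call them related
TRACE_SPAN = 1.0  # assumed: trace lines within this span belong to the same fault


def hid_faults_after_usb_insert(log_text, window=WINDOW):
    """Return kernel faults with a HID frame that follow a USB enumeration."""
    last_usb, faults, current = None, [], None
    for line in log_text.splitlines():
        m = TS.match(line)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        usb = USB_NEW.search(msg)
        if usb:
            last_usb = (ts, *usb.groups())  # (time, port, vendor id, product id)
            continue
        if FAULT.search(msg):
            recent = last_usb if last_usb and ts - last_usb[0] <= window else None
            current = {"ts": ts, "fault": msg, "usb": recent, "hid": False}
            faults.append(current)
        if current and ts - current["ts"] <= TRACE_SPAN and HID_FRAME.search(msg):
            current["hid"] = True
    return [f for f in faults if f["hid"] and f["usb"]]


if __name__ == "__main__":
    for f in hid_faults_after_usb_insert(SAMPLE_LOG):
        _, port, vid, pid = f["usb"]
        print(f"{f['ts']:.2f}s: {f['fault']!r} after usb {port} ({vid}:{pid})")
```

The same function can be run over saved `dmesg` or `journalctl -k` output; the second fault in the sample is ignored because it has no HID frame and no recent USB enumeration.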
🔗 References
- http://www.openwall.com/lists/oss-security/2023/11/05/2
- http://www.openwall.com/lists/oss-security/2023/11/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2173403
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://www.openwall.com/lists/osssecurity/2023/01/17/3