CVSS 3.1 Score 4.6 of 10 (medium)


Published Jul 6, 2023
Updated: Mar 25, 2024
CWE ID 125


CVE-2023-37453 is a vulnerability discovered in the USB subsystem of the Linux kernel through version 6.4.2, affecting multiple products. The issue involves an out-of-bounds read and crash in read_descriptors in drivers/usb/core/sysfs.c. The vulnerability has a base severity of MEDIUM with a base score of 4.6 according to NVD. It requires physical access to exploit and does not require any privileges or user interaction. The impact score is 3.6, with no integrity or confidentiality impact but a high availability impact. The CVSS vector string is CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No remediation steps are provided, and the potential danger it poses to an organization would depend on the specific systems affected and the level of physical access to those systems.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37453 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options