Rewterz Threat Alert – Aurora Stealer – Active IOCs
March 29, 2023Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs
March 30, 2023Rewterz Threat Alert – Aurora Stealer – Active IOCs
March 29, 2023Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs
March 30, 2023Severity
High
Analysis Summary
CVE-2023-1073 CVSS:6.3
Linux Kernel could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a memory corruption flaw in the human interface device (HID) subsystem. By using a specially crafted USB device , an attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVE-2023-28464 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free flaw in the hci_conn_cleanup function in the Bluetooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-1073
- CVE-2023-28464
Affected Vendors
Linux
Affected Products
- Linux Kernel
- Linux Kernel 6.2-rc1
- Linux Kernel 6.2
Remediation
Refer to Linux Kernel Website for patch, upgrade or suggested workaround information.