CVE-2023-1073: 
Linux Kernel vulnerability analysis and mitigation

A memory corruption flaw was discovered in the Linux kernel's human interface device (HID) subsystem, identified as CVE-2023-1073. The vulnerability was found in how a user inserts a malicious USB device, specifically involving a type confusion when issuing a listentry() on an empty reportlist. The issue stems from the driver's assumption that the device must have a valid report_list, which while true for normal HID devices, can be violated by a malicious device (CVE Mitre, NVD).

The vulnerability involves a type confusion flaw in the HID subsystem's handling of report lists. The issue occurs specifically in the hidvalidatevalues() function in drivers/hid/hid-core.c and bigbenprobe() in drivers/hid/hid-bigbenff.c. When listentry() is called on an empty list, it causes a type confusion making the listentry point to the listhead itself. This vulnerability was fixed in kernel version 6.1.9 (Red Hat Bugzilla).

The vulnerability allows a local user with the ability to insert and remove USB devices to potentially cause a denial of service through system crash or memory corruption. In more severe cases, it might enable privilege escalation or the execution of arbitrary code in the kernel context (Debian LTS).

The vulnerability has been patched in various Linux distributions. Red Hat has addressed it in RHEL 8 and 9 through security updates. Ubuntu has released fixes for affected versions including 22.04 LTS, 20.04 LTS, and 18.04 LTS. Debian has also provided fixes in version 5.10.178-3~deb10u1 for Debian 10 (buster) (Red Hat Bugzilla, Debian LTS).