Privilege escalation in Linux kernel uio driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52439 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU87573
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52439
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c
http://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50
http://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570
http://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7
http://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea
http://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad
http://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41
http://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
