Improper locking in Linux kernel ceph
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52583 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.8 rc5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6
https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980
https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3
https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca
https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e
https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160
https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67
https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
