Use of uninitialized resource in Linux kernel llc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52843 |
| CWE-ID | CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of uninitialized resource
EUVDB-ID: #VU90868
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52843
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 6.7 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535
https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c
https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f
https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779
https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b
https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29
https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a
https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79
https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.330
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.139
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.261
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
