Improper locking in Linux kernel locking
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52836 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU91505
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 6.7 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389
https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715
https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5
https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75
https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3
https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc
https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c
https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479
https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
