Resource management error in Linux kernel ext4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-53101 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU108506
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-53101
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the swap_inode_boot_loader() function in fs/ext4/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 6.3 rc6
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/01a821aacc64d4b05dafd239dbc9b7856686002f
https://git.kernel.org/stable/c/0d8a6c9a6415999fee1259ccf1796480c026b7d6
https://git.kernel.org/stable/c/3f00c476da8fe7c4c34ea16abb55d74127120413
https://git.kernel.org/stable/c/59eee0cdf8c036f554add97a4da7c06d7a9ff34a
https://git.kernel.org/stable/c/9cb27b1e76f0cc886ac09055bc41c0ab3f205167
https://git.kernel.org/stable/c/9e9a4cc5486356158554f6ad73027d8635a48b34
https://git.kernel.org/stable/c/d6c1447e483c05dbcfb3ff77ac04237a82070b8c
https://git.kernel.org/stable/c/f5361da1e60d54ec81346aee8e3d8baf1be0b762
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.310
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.278
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.175
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.103
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.237
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.20
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
