Out-of-bounds read in Linux kernel - CVE-2023-52507
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90350
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52507
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53
- https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729
- https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb
- https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802
- https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213
- https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848
- https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da
- https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.328
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6