#VU93242 Buffer overflow in Linux kernel - CVE-2023-52655
Published: June 25, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU93242
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52655
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204
- https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975
- https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab
- https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd
- https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e
- https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.205
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.144
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.265
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7