#VU93650 Improper error handling in Linux kernel - CVE-2023-52784
Published: July 2, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU93650
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52784
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe
- https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc
- https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c
- https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4
- https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c
- https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859
- https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7