Vulnerability identifier: #VU106182
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the add_secret_dac_path() function in sound/pci/hda/patch_via.c. A local user can trigger it to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10
External links
https://git.kernel.org/stable/c/1b9256c96220bcdba287eeeb90e7c910c77f8c46
https://git.kernel.org/stable/c/2b557fa635e7487f638c0f030c305870839eeda2
https://git.kernel.org/stable/c/437e50ef6290ac835d526d0e45f466a0aa69ba1b
https://git.kernel.org/stable/c/6e1f586ddec48d71016b81acf68ba9f49ca54db8
https://git.kernel.org/stable/c/b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa
https://git.kernel.org/stable/c/d6870f3800dbb212ae8433183ee82f566d067c6c
https://git.kernel.org/stable/c/f011360ad234a07cb6fbcc720fff646a93a9f0d6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.11
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.