#VU90912 Reachable assertion in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90912

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52621

CWE-ID: CWE-617

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d6d6fe4bb105595118f12abeed4a7bdd450853f3
http://git.kernel.org/stable/c/483cb92334cd7f1d5387dccc0ab5d595d27a669d
http://git.kernel.org/stable/c/c7f1b6146f4a46d727c0d046284c28b6882c6304
http://git.kernel.org/stable/c/169410eba271afc9f0fb476d996795aa26770c6d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability