#VU91084 Out-of-bounds read in Linux kernel


Published: 2024-06-04

Vulnerability identifier: #VU91084

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52835

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f
http://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734
http://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece
http://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a
http://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a
http://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a
http://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb
http://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

