Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52599 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU88105
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52599
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41
http://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017
http://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e
http://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98
http://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641
http://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b
http://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe
http://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.