Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52463 |
CWE-ID | CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90660
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8
http://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826
http://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b
http://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737
http://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548
http://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.