Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52595 |
CWE-ID | CWE-667 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48
http://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e
http://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c
http://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957
http://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83
http://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb
http://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.