Use of uninitialized resource in Linux kernel tipc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52845 |
| CWE-ID | CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of uninitialized resource
EUVDB-ID: #VU90867
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d
http://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6
http://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0
http://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294
http://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8
http://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4
http://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04
http://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709
http://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
