Improper error handling in Linux kernel video fbdev driver



Published: 2024-06-03
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-52838
CWE-ID: CWE-388
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU90933

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52838

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the imsttfb_probe() function in drivers/video/fbdev/imsttfb.c.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
http://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d
http://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4
http://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513
http://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d
http://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a
http://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00
http://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


