Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52609 |
CWE-ID | CWE-362 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU91484
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/95b1d336b0642198b56836b89908d07b9a0c9608
http://git.kernel.org/stable/c/252a2a5569eb9f8d16428872cc24dea1ac0bb097
http://git.kernel.org/stable/c/7e7a0d86542b0ea903006d3f42f33c4f7ead6918
http://git.kernel.org/stable/c/98fee5bee97ad47b527a997d5786410430d1f0e9
http://git.kernel.org/stable/c/6696f76c32ff67fec26823fc2df46498e70d9bf3
http://git.kernel.org/stable/c/67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e
http://git.kernel.org/stable/c/77d210e8db4d61d43b2d16df66b1ec46fad2ee01
http://git.kernel.org/stable/c/9a9ab0d963621d9d12199df9817e66982582d5a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.