Information disclosure in Linux kernel mmc core driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52730 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU91333
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58
http://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a
http://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e
http://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931
http://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd
http://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72
http://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
