SB20240610118 - Use of uninitialized resource in Linux kernel acpi driver
Published: June 10, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240610118
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2023-52693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8
- https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3
- https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f
- https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af
- https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95
- https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c
- https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852df0f15f
- https://git.kernel.org/stable/c/ccd45faf4973746c4f30ea41eec864e5cf191099
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.306
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.209
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.148
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8