Denial of service in Linux kernel crypto
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52813 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
http://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
http://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
http://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
http://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
http://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
http://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
http://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
http://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
