Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52672 |
CWE-ID | CWE-667 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU92024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8
http://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9
http://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f
http://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24
http://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55
http://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.