Improper locking in Linux kernel i2c driver



Published: 2024-06-27
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-52791
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU93438

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking in drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809
http://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0
http://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b
http://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c
http://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1
http://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91
http://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


