Denial of service in Linux kernel s390 ptrace



Published: 2024-07-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-52598
CWE-ID: CWE-399
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52598

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713
http://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8
http://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a
http://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25
http://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3
http://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1
http://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4
http://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


