Vulnerability identifier: #VU75996
Vulnerability risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a race condition in drivers/power/supply/da9150-charger.c in the Linux kernel. An attacker with physical access to the device can trigger the race condition while unplugging the device and execute arbitrary code on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: before 6.2.9, 6.2.9
External links
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
https://bugzilla.suse.com/show_bug.cgi?id=1210329
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.