#VU89384 Race condition in Linux kernel - CVE-2023-52578
Vulnerability identifier: #VU89384
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/d2346e6beb699909ca455d9d20c4e577ce900839
https://git.kernel.org/stable/c/ad8d39c7b437fcdab7208a6a56c093d222c008d5
https://git.kernel.org/stable/c/04cc361f029c14dd067ad180525c7392334c9bfd
https://git.kernel.org/stable/c/8bc97117b51d68d5cea8f5351cca2d8c4153f394
https://git.kernel.org/stable/c/89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2
https://git.kernel.org/stable/c/f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa
https://git.kernel.org/stable/c/44bdb313da57322c9b3c108eb66981c6ec6509f4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
