Resource management error in Linux kernel

#VU89387 Resource management error in Linux kernel

Published: 2024-05-13

Vulnerability identifier: #VU89387

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52522

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af
http://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0
http://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa
http://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580
http://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc
http://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 9 update for kernel

Denial of service in Linux kernel