#VU89393 Use of uninitialized resource in Linux kernel


Published: 2024-05-13

Vulnerability identifier: #VU89393

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52477

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81
http://git.kernel.org/stable/c/8e7346bfea56453e31b7421c1c17ca2fb9ed613d
http://git.kernel.org/stable/c/6ad3e9fd3632106696692232bf7ff88b9f7e1bc3
http://git.kernel.org/stable/c/241f230324337ed5eae3846a554fb6d15169872c
http://git.kernel.org/stable/c/528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b
http://git.kernel.org/stable/c/fb9895ab9533534335fa83d70344b397ac862c81
http://git.kernel.org/stable/c/136f69a04e71ba3458d137aec3bb2ce1232c0289
http://git.kernel.org/stable/c/f74a7afc224acd5e922c7a2e52244d891bbe44ee


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

