#VU89837 Out-of-bounds read in Linux kernel - CVE-2023-52768


Vulnerability identifier: #VU89837

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52768

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the wilc_wlan_init() function in drivers/net/wireless/microchip/wilc1000/wlan.c. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

