#VU89988 Memory leak in Linux kernel - CVE-2023-52670

Vulnerability identifier: #VU89988

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08
https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d
https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30
https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6
https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346
https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a
https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43
https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.