#VU90287 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90287

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52807

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_get_coal_info() function in drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09
http://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792
http://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4
http://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

