#VU90349 Out-of-bounds read in Linux kernel - CVE-2023-52525
Vulnerability identifier: #VU90349
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_rx_packet() function in drivers/net/wireless/marvell/mwifiex/sta_rx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
https://git.kernel.org/stable/c/16cc18b9080892d1a0200a38e36ae52e464bc555
https://git.kernel.org/stable/c/b8e260654a29de872e7cb85387d8ab8974694e8e
https://git.kernel.org/stable/c/10a18c8bac7f60d32b7af22da03b66f350beee38
https://git.kernel.org/stable/c/5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
https://git.kernel.org/stable/c/6b706286473db4fd54b5f869faa67f4a8cb18e99
https://git.kernel.org/stable/c/be2ff39b1504c5359f4a083c1cfcad21d666e216
https://git.kernel.org/stable/c/aef7a0300047e7b4707ea0411dc9597cba108fc8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
