#VU90349 Out-of-bounds read in Linux kernel - CVE-2023-52525


Vulnerability identifier: #VU90349

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52525

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_rx_packet() function in drivers/net/wireless/marvell/mwifiex/sta_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
https://git.kernel.org/stable/c/16cc18b9080892d1a0200a38e36ae52e464bc555
https://git.kernel.org/stable/c/b8e260654a29de872e7cb85387d8ab8974694e8e
https://git.kernel.org/stable/c/10a18c8bac7f60d32b7af22da03b66f350beee38
https://git.kernel.org/stable/c/5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
https://git.kernel.org/stable/c/6b706286473db4fd54b5f869faa67f4a8cb18e99
https://git.kernel.org/stable/c/be2ff39b1504c5359f4a083c1cfcad21d666e216
https://git.kernel.org/stable/c/aef7a0300047e7b4707ea0411dc9597cba108fc8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability