#VU90350 Out-of-bounds read in Linux kernel - CVE-2023-52507


Vulnerability identifier: #VU90350

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53
https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729
https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb
https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802
https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213
https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848
https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da
https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

