#VU90350 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90350

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the nci_activate_target() function in net/nfc/nci/core.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53
http://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729
http://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb
http://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802
http://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213
http://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848
http://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da
http://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

