#VU90444 Memory leak in Linux kernel - CVE-2023-52662

Vulnerability identifier: #VU90444

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52662

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf
https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a
https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5
https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6
https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876
https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.