#VU90803 Improper locking in Linux kernel - CVE-2023-52595
Vulnerability identifier: #VU90803
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48
https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e
https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c
https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957
https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83
https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb
https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
