#VU90867 Use of uninitialized resource in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90867

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52845

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource in net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d
http://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6
http://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0
http://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294
http://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8
http://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4
http://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04
http://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709
http://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

