#VU90918 Reachable assertion in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90918

Vulnerability risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52444

CWE-ID: CWE-617

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46
http://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024
http://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310
http://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77
http://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7
http://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728
http://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862
http://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-azure
Ubuntu update for linux-azure
Ubuntu update for linux
Ubuntu update for linux
Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-nvidia-6.5
Ubuntu update for linux-laptop
Ubuntu update for linux-oem-6.5
Ubuntu update for linux-aws
Ubuntu update for linux