#VU90921 Double free in Linux kernel - CVE-2023-52691
Vulnerability identifier: #VU90921
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0
https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706
https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4
https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334
https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2
https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9
https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a
https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
