#VU90921 Double free in Linux kernel


Vulnerability identifier: #VU90921

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52691

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0
http://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706
http://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4
http://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334
http://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2
http://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9
http://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a
http://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability