#VU91084 Out-of-bounds read in Linux kernel - CVE-2023-52835


Vulnerability identifier: #VU91084

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52835

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can trigger the out-of-bounds read to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f
https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734
https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece
https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a
https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a
https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a
https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb
https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

