#VU91198 Buffer overflow in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91198

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52864

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6
http://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203
http://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453
http://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097
http://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e
http://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e
http://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3
http://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

