#VU91198 Buffer overflow in Linux kernel - CVE-2023-52864
Vulnerability identifier: #VU91198
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6
https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203
https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453
https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097
https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e
https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e
https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3
https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
