#VU91307 Buffer overflow in Linux kernel - CVE-2023-52756
Vulnerability identifier: #VU91307
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52756
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/bce1f7c7e9812da57de1dda293cba87c693e9958
https://git.kernel.org/stable/c/a98ff250b5af87f92f17bb9725cb21de1931ee57
https://git.kernel.org/stable/c/eca19db60f99925461f49c3fd743733881395728
https://git.kernel.org/stable/c/e52518b9cb9fc98fc043c8fb2b8cfc619ca8a88b
https://git.kernel.org/stable/c/a7ee519e8095d9c834086d0ff40da11415e1e4d7
https://git.kernel.org/stable/c/1fb3a9c59e7f7d2b1d737a0d6e02e31d5b516455
https://git.kernel.org/stable/c/c19a8794bf4fe45cff997f07a75ea84cc9e5d89c
https://git.kernel.org/stable/c/45d0a298e05adee521f6fe605d6a88341ba07edd
https://git.kernel.org/stable/c/d27abbfd4888d79dd24baf50e774631046ac4732
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
