#VU91308 Buffer overflow in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91308

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52867

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption in drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783
http://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f
http://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783
http://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896
http://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94
http://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58
http://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855
http://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45
http://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

