#VU91425 Integer overflow in Linux kernel


Vulnerability identifier: #VU91425

Vulnerability risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52832

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f
http://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62
http://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18
http://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea
http://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846
http://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6
http://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a
http://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7
http://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability