#VU91477 Race condition in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91477

Vulnerability risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52645

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438
http://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff
http://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25
http://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b
http://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
Ubuntu update for linux-oem-6.5
Ubuntu update for linux-raspi
Ubuntu update for linux-aws-6.5
Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-azure-6.5
Ubuntu update for linux
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel