#VU91556 Improper Initialization in Linux kernel - CVE-2023-52616

Vulnerability identifier: #VU91556

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52616

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165
https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6
https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598
https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a
https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49
https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.