#VU91607 Resource management error in Linux kernel - CVE-2023-52813

Vulnerability identifier: #VU91607

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52813

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.