#VU91607 Resource management error in Linux kernel


Published: 2024-06-10

Vulnerability identifier: #VU91607

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52813

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
http://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
http://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
http://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
http://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
http://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
http://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
http://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
http://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS update for kernel
Denial of service in Linux kernel crypto