#VU92943 Improper error handling in Linux kernel - CVE-2023-52657

Cybersecurity Help s.r.o.

Published: 2024-06-20

Vulnerability identifier: #VU92943

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52657

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the si_dpm_enable() and si_dpm_process_interrupt() functions in drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94
https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f
https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6
https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper error handling in Linux kernel pm legacy-dpm driver