#VU93068 Infinite loop in Linux kernel - CVE-2023-52644


Vulnerability identifier: #VU93068

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010
https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240
https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08
https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455
https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d
https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83
https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436
https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610
https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

