#VU93438 Improper locking in Linux kernel - CVE-2023-52791

Vulnerability identifier: #VU93438

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52791

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
http://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809
http://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0
http://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b
http://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c
http://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1
http://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91
http://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.