#VU93474 Resource management error in Linux kernel - CVE-2023-52617
Vulnerability identifier: #VU93474
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355
https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c
https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8
https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a
https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3
https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693
https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
