#VU93650 Improper error handling in Linux kernel - CVE-2023-52784


Vulnerability identifier: #VU93650

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52784

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe
https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc
https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c
https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4
https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c
https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859
https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

