#VU93668 Buffer overflow in Linux kernel


Published: 2024-07-02

Vulnerability identifier: #VU93668

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can trigger the memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4
http://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb
http://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10
http://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c
http://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a
http://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee
http://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542
http://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

