#VU93668 Buffer overflow in Linux kernel - CVE-2023-52619


Vulnerability identifier: #VU93668

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4
https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb
https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10
https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c
https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a
https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee
https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542
https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

