#VU94434 Out-of-bounds read in Linux kernel


Published: 2024-07-17

Vulnerability identifier: #VU94434

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52886

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_bMaxPacketSize0(), hub_port_init(), hub_port_connect() and usb_reset_and_verify_device() functions in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9d241c5d9a9b7ad95c90c6520272fe404d5ac88f
http://git.kernel.org/stable/c/7fe9d87996062f5eb0ca476ad0257f79bf43aaf5
http://git.kernel.org/stable/c/8186596a663506b1124bede9fde6f243ef9f37ee
http://git.kernel.org/stable/c/b4a074b1fb222164ed7d5c0b8c922dc4a0840848
http://git.kernel.org/stable/c/b9fbfb349eacc0820f91c797d7f0a3ac7a4935b5
http://git.kernel.org/stable/c/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

