SB20240603103 - Improper locking in Linux kernel ralink rt2x00 driver
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240603103
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2023-52595)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48
- https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e
- https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c
- https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957
- https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83
- https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb
- https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8