SB20240603141 - Use of uninitialized resource in Linux kernel llc

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of uninitialized resource (CVE-ID: CVE-2023-52843)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535
• https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c
• https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f
• https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779
• https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b
• https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29
• https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a
• https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79
• https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.330
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.139
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.261
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7