CVE-2023-31084

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.2

Description An issue was discovered in the Linux kernel, specifically in the drivers/media/dvb-core/dvb frontend.c file. The problem arises from a blocking operation when a task is not in the TASK RUNNING state. This occurs in the dvb frontend get event function, where wait event interruptible is called with the condition dvb frontend test event(fepriv, events). Within dvb frontend test event, down(&fepriv->sem) is called, which may block the process. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For Linux kernel version 6.2, as a temporary workaround, consider disabling the dvb frontend test event() function until a patch is available. Restrict access to the vulnerable module drivers/media/dvb-core/dvb frontend.c to minimize the risk of exploitation. Avoid using the fepriv and events variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.