CVE-2023-52463

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc1-00108-gc7d0c4695c68

Description The vulnerability is related to the efivarfs filesystem in the Linux kernel. When the SetVariable function is not supported by the firmware at runtime, the efivarfs filesystem is mounted as read-only (RO) to prevent it from being called. However, the kernel does not check the permission flags when the filesystem is remounted as read-write (RW), leading to a crash. This issue can be exploited to cause a denial of service.

To resolve this issue, a .reconfigure() function can be added to the fs operations to check the requested flags and deny anything that's not RO if the firmware doesn't implement SetVariable at runtime.

Recommendations To fix the vulnerability, update the Linux kernel to a version that includes the fix, which adds a .reconfigure() function to the fs operations. This function checks the requested flags and denies anything that's not RO if the firmware doesn't implement SetVariable at runtime.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.