CVE-2023-28772 is a buffer overflow vulnerability identified in the Linux kernel versions prior to 5.13.3, specifically within the lib/seq_buf.c source file. The vulnerability arises in the seq_buf_putmem_hex function, which improperly handles memory operations leading to a buffer overflow condition. This type of vulnerability is classified under CWE-120, indicating a classic buffer overflow issue where data is written beyond the boundaries of allocated memory buffers. The vulnerability has a CVSS 3.1 base score of 6.7, reflecting a medium severity level. The vector string (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation requires local access (AV:L), low attack complexity (AC:L), and high privileges (PR:H), with no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning successful exploitation could lead to full system compromise including unauthorized data access, modification, or denial of service. No known exploits are currently reported in the wild, and no official patches or vendor-specific product details are provided in the source information. The vulnerability affects Linux kernel versions before 5.13.3, which is widely used in servers, desktops, and embedded systems globally. The buffer overflow in a core kernel component could allow a privileged local attacker to execute arbitrary code or cause a system crash, potentially leading to privilege escalation or denial of service scenarios.

For European organizations, this vulnerability poses a significant risk primarily to systems running vulnerable Linux kernel versions, especially those used in critical infrastructure, enterprise servers, and cloud environments. Given the high impact on confidentiality, integrity, and availability, exploitation could lead to unauthorized access to sensitive data, disruption of services, or full system compromise. Organizations relying on Linux-based systems for critical operations, including financial institutions, government agencies, and telecommunications providers, could face operational disruptions and data breaches. The requirement for local privileged access limits remote exploitation but does not eliminate risk, as insider threats or attackers who gain initial access through other means could leverage this vulnerability for privilege escalation. The lack of known exploits in the wild suggests limited immediate threat, but the presence of a buffer overflow in a widely deployed kernel component necessitates prompt attention to prevent future exploitation. Additionally, embedded Linux devices used in industrial control systems or IoT deployments in Europe could be affected, potentially impacting operational technology environments.

European organizations should prioritize upgrading Linux kernel versions to 5.13.3 or later where this vulnerability is resolved. For systems where immediate kernel upgrades are not feasible, applying vendor-provided patches or backported security fixes is critical. Organizations should implement strict access controls to limit local privileged user access, reducing the risk of exploitation by unauthorized users. Employing kernel security modules such as SELinux or AppArmor can provide additional containment and mitigation layers. Regularly auditing and monitoring privileged user activities and system logs can help detect attempts to exploit this vulnerability. For embedded and IoT devices, coordinate with device manufacturers to obtain firmware updates or mitigations. Network segmentation and limiting administrative access to critical Linux systems can further reduce exposure. Finally, organizations should maintain an up-to-date inventory of Linux kernel versions in use to identify and remediate vulnerable systems promptly.