NULL pointer dereference in Linux kernel tty driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52789 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90421
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52789
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3
http://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200
http://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac
http://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc
http://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06
http://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2
http://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9
http://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a
http://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
