NULL pointer dereference in Linux kernel clk mediatek driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52870 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52870
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6765_apmixed_probe(), clk_mt6765_top_probe() and clk_mt6765_ifr_probe() functions in drivers/clk/mediatek/clk-mt6765.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a
http://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946
http://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f
http://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480
http://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc
http://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
