NULL pointer dereference in Linux kernel efivarfs



Published: 2024-06-01
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-52463
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90660

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52463

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8
http://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826
http://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b
http://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737
http://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548
http://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###