NULL pointer dereference in Linux kernel powerpc mm



Published: 2024-06-03
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-52607
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90841

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52607

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611
http://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e
http://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b
http://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7
http://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1
http://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532
http://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74
http://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


