NULL pointer dereference in Linux kernel nfc nci
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52919 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU99255
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttp://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e
http://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd
http://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612
http://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e
http://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be
http://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a
http://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f
http://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
