#VU89245 NULL pointer dereference in Linux kernel - CVE-2023-52443


Vulnerability identifier: #VU89245

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52443

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 4.19.306, 4.19.306


External links
https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e
https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf
https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87
https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4
https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45
https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203
https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e
https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

