#VU89390 NULL pointer dereference in Linux kernel - CVE-2023-52574

Vulnerability identifier: #VU89390

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52574

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457
https://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7
https://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d
https://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7
https://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255
https://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58
https://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d
https://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.