#VU90423 NULL pointer dereference in Linux kernel - CVE-2023-52869


Vulnerability identifier: #VU90423

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52869

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pstore_register() function in fs/pstore/platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/bb166bdae1a7d7db30e9be7e6ccaba606debc05f
http://git.kernel.org/stable/c/379b120e4f27fd1cf636a5f85570c4d240a3f688
http://git.kernel.org/stable/c/63f637309baadf81a095f2653e3b807d4b5814b9
http://git.kernel.org/stable/c/1c426da79f9fc7b761021b5eb44185ba119cd44a
http://git.kernel.org/stable/c/ad5cb6deb41417ef41b9d6ff54f789212108606f
http://git.kernel.org/stable/c/a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP1 update for kernel
NULL pointer dereference in Linux kernel pstore