#VU90432 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90432

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52817

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398
http://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9
http://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a
http://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455
http://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736
http://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288
http://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996
http://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
openEuler 22.03 LTS update for kernel
NULL pointer dereference in Linux kernel amd amdgpu driver