#VU90435 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90435

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52855

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72
http://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d
http://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e
http://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6
http://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001
http://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790
http://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d
http://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90
http://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

