#VU90460 NULL pointer dereference in Linux kernel - CVE-2023-52870

Vulnerability identifier: #VU90460

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52870

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_mt6765_apmixed_probe(), clk_mt6765_top_probe() and clk_mt6765_ifr_probe() functions in drivers/clk/mediatek/clk-mt6765.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a
https://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946
https://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f
https://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480
https://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc
https://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.