NULL pointer dereference in Linux kernel

#VU90660 NULL pointer dereference in Linux kernel

Published: 2024-06-01

Vulnerability identifier: #VU90660

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52463

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8
http://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826
http://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b
http://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737
http://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548
http://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Cloud Tiering Appliance

NULL pointer dereference in Linux kernel efivarfs