#VU90841 NULL pointer dereference in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90841

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52607

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611
http://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e
http://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b
http://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7
http://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1
http://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532
http://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74
http://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

