#VU91226 NULL pointer dereference in Linux kernel - CVE-2023-52753
Vulnerability identifier: #VU91226
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd
https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195
https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db
https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9
https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c
https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68
https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89
https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
