#VU91240 NULL pointer dereference in Linux kernel - CVE-2023-52631


Vulnerability identifier: #VU91240

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52631

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b
https://git.kernel.org/stable/c/ec1bedd797588fe38fc11cba26d77bb1d9b194c6
https://git.kernel.org/stable/c/fb7bcd1722bc9bc55160378f5f99c01198fd14a7
https://git.kernel.org/stable/c/686820fe141ea0220fc6fdfc7e5694f915cf64b2
https://git.kernel.org/stable/c/b2dd7b953c25ffd5912dda17e980e7168bebcf6c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

