#VU99255 NULL pointer dereference in Linux kernel


Vulnerability identifier: #VU99255

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52919

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e
http://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd
http://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612
http://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e
http://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be
http://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a
http://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f
http://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
openEuler 22.03 LTS SP3 update for kernel
openEuler 20.03 LTS SP4 update for kernel
openEuler 22.03 LTS SP1 update for kernel
NULL pointer dereference in Linux kernel nfc nci