Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-52448 |
CWE-ID | CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU87741
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52448
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: before 5.4.268
External linkshttp://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde
http://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37
http://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178
http://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a
http://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05
http://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a
http://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.