Denial of service in Linux kernel gfs2



Published: 2024-03-22
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-52448
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU87741

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52448

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 5.4.268

External links

http://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde
http://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37
http://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178
http://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a
http://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05
http://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a
http://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###