NULL pointer dereference in Linux kernel powerpc perf
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52675 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.8 rc5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3
https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34
https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05
https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0
https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec
https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032
https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6
https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.306
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.209
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.148
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.268
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.75
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
