NULL pointer dereference in Linux kernel nfc nci
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-52919 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU99255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 6.6 rc6
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e
https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd
https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612
https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e
https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be
https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a
https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f
https://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.328
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.137
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.259
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.60
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
