SB2024110558 - NULL pointer dereference in Linux kernel

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2023-52920)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the BPF_MOV64_REG() and BPF_RAW_INSN() functions in tools/testing/selftests/bpf/verifier/precise.c, within the subprog_spill_reg_precise() function in tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, within the copy_verifier_state(), check_reg_arg(), is_jmp_point(), bt_is_reg_set(), calls_callback(), backtrack_insn(), __mark_chain_precision(), check_stack_write_fixed_off(), check_stack_read_fixed_off(), check_atomic(), push_jmp_history() and do_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/41f6f64e6999a837048b1bd13a2f8742964eca6b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.70
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8