NULL pointer dereference in Linux kernel qlogic qed driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-53066 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU108461
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-53066
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qed_iov_configure_min_tx_rate() and qed_iov_handle_trust_change() functions in drivers/net/ethernet/qlogic/qed/qed_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.15 - 5.15.104
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.15:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.1:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550
https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b
https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270
https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882
https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb
https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683
https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32
https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
