NULL pointer dereference in Linux kernel - CVE-2023-52873
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90428
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52873
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae
- https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a
- https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b
- https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e
- https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e
- https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b
- https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.139
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.261
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7