NULL pointer dereference in Linux kernel

#VU87741 NULL pointer dereference in Linux kernel

Published: 2024-03-22

Vulnerability identifier: #VU87741

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52448

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde
http://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37
http://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178
http://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a
http://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05
http://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a
http://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP3 update for kernel

openEuler 22.03 LTS SP2 update for kernel

openEuler 22.03 LTS SP1 update for kernel

openEuler 22.03 LTS update for kernel

Denial of service in Linux kernel gfs2