#VU90547 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90547

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52675

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3
http://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34
http://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05
http://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0
http://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec
http://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032
http://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6
http://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability