#VU90548 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90548

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52686

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4
http://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031
http://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf
http://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7
http://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9
http://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877
http://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997722ee42
http://git.kernel.org/stable/c/8649829a1dd25199bbf557b2621cedb4bf9b3050


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability