#VU91240 NULL pointer dereference in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91240

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52631

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b
http://git.kernel.org/stable/c/ec1bedd797588fe38fc11cba26d77bb1d9b194c6
http://git.kernel.org/stable/c/fb7bcd1722bc9bc55160378f5f99c01198fd14a7
http://git.kernel.org/stable/c/686820fe141ea0220fc6fdfc7e5694f915cf64b2
http://git.kernel.org/stable/c/b2dd7b953c25ffd5912dda17e980e7168bebcf6c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability