CVE-2023-23005

CWE-476 — NULL Pointer Dereference CWE-252 — Unchecked Return Value7 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 71.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Suse Linux Enterprise Server

Timeline

PublishedMar 1

Latest updateMar 14

Description

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel< 6.2

▶Debianlinux< 6.3.7-1+1

▶NVDsuse/linux_enterprise_server15

Patches

Patch: bugzilla.suse.com ↗Patch: cdn.kernel.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghmc-655x-wwhc: In the Linux kernel before 6↗2023-03-01

▶

CVEList

CVE-2023-23005: In the Linux kernel before 6↗2023-03-01

▶

OSV

CVE-2023-23005: In the Linux kernel before 6↗2023-03-01

▶

📋Vendor Advisories

Microsoft

In the Linux kernel before 6.2 mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case whereas it is actually an error pointer). NOTE: this is dispu↗2023-03-14

▶

Debian

CVE-2023-23005: linux - In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory...↗2023

▶

Red Hat

kernel: incorrect check for error case in the memory_tier_init↗2022-12-01

▶