CVE-2023-4385 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.5MEDIUMNVD

OSV6.5

EPSS

0.0%

top 99.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.126.1-1 ON CBL Mariner 2.0

Timeline

PublishedAug 16

Latest updateSep 19

Description

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianlinux/linux_kernel< 5.10.127-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-245.279

▶NVDlinux/linux_kernel5.18.19

▶debiandebian/linux< linux 5.18.5-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.126.1-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2023-09-19

▶

OSV

CVE-2023-4385: A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap↗2023-08-16

▶

GHSA

GHSA-r4x5-77vp-hgvg: A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap↗2023-08-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2023-09-19

▶

Microsoft

Kernel: jfs: null pointer dereference in dbfree()↗2023-08-08

▶

Debian

CVE-2023-4385: linux - A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the ...↗2023

▶

Red Hat

kernel: jfs: NULL pointer dereference in dbFree()↗2022-04-11

▶