CVE-2023-52492NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference33 documents7 sources
Severity
4.4MEDIUMNVD
OSV7.5OSV6.5
EPSS
0.0%
top 99.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 11
Latest updateJun 26

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle kernel NULL

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel5.65.10.210+4
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.15.0-106.116
CVEListV5linux/linuxd2fb0a0438384fee08a418025f743913020033ce9de69732dde4e443c1c7f89acbbed2c45a6a8e17+6
debiandebian/linux< linux 6.1.76-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

16
OSV
linux-oracle-6.5 vulnerabilities2024-06-26
OSV
linux-hwe-6.5 vulnerabilities2024-06-18
OSV
linux-nvidia-6.5 vulnerabilities2024-06-14
OSV
linux-oem-6.5 vulnerabilities2024-06-12
OSV
linux-intel-iotg-5.15 vulnerabilities2024-06-11

📋Vendor Advisories

15
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2024-06-18
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-06-14
Ubuntu
Linux kernel (OEM) vulnerabilities2024-06-12
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-06-11

💬Community

1
Bugzilla
CVE-2023-52492 kernel: dmaengine: fix NULL pointer in channel unregistration function2024-03-12