Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52833

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
21/05/2024
Last modified:
31/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: btusb: Add date-&gt;evt_skb is NULL check<br /> <br /> fix crash because of null pointers<br /> <br /> [ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8<br /> [ 6104.969667] #PF: supervisor read access in kernel mode<br /> [ 6104.969668] #PF: error_code(0x0000) - not-present page<br /> [ 6104.969670] PGD 0 P4D 0<br /> [ 6104.969673] Oops: 0000 [#1] SMP NOPTI<br /> [ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]<br /> [ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246<br /> [ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006<br /> [ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000<br /> [ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001<br /> [ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0<br /> [ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90<br /> [ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000<br /> [ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0<br /> [ 6104.969701] PKRU: 55555554<br /> [ 6104.969702] Call Trace:<br /> [ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]<br /> [ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]<br /> [ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]<br /> [ 6104.969753] rfkill_set_block+0x92/0x160<br /> [ 6104.969755] rfkill_fop_write+0x136/0x1e0<br /> [ 6104.969759] __vfs_write+0x18/0x40<br /> [ 6104.969761] vfs_write+0xdf/0x1c0<br /> [ 6104.969763] ksys_write+0xb1/0xe0<br /> [ 6104.969765] __x64_sys_write+0x1a/0x20<br /> [ 6104.969769] do_syscall_64+0x51/0x180<br /> [ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9<br /> [ 6104.969773] RIP: 0033:0x7f5a21f18fef<br /> [ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001<br /> [ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef<br /> [ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012<br /> [ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017<br /> [ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002<br /> [ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.202 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6 (including) 6.6.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools