Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52911

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
21/08/2024
Last modified:
12/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm: another fix for the headless Adreno GPU<br /> <br /> Fix another oops reproducible when rebooting the board with the Adreno<br /> GPU working in the headless mode (e.g. iMX platforms).<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read<br /> [00000000] *pgd=74936831, *pte=00000000, *ppte=00000000<br /> Internal error: Oops: 17 [#1] ARM<br /> CPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11<br /> Hardware name: Freescale i.MX53 (Device Tree Support)<br /> PC is at msm_atomic_commit_tail+0x50/0x970<br /> LR is at commit_tail+0x9c/0x188<br /> pc : [] lr : [] psr: 600e0013<br /> sp : e0851d30 ip : ee4eb7eb fp : 00090acc<br /> r10: 00000058 r9 : c2193014 r8 : c4310000<br /> r7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000<br /> r3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000<br /> Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none<br /> Control: 10c5387d Table: 74910019 DAC: 00000051<br /> Register r0 information: NULL pointer<br /> Register r1 information: NULL pointer<br /> Register r2 information: NULL pointer<br /> Register r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024<br /> Register r4 information: NULL pointer<br /> Register r5 information: NULL pointer<br /> Register r6 information: non-paged memory<br /> Register r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128<br /> Register r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048<br /> Register r9 information: non-slab/vmalloc memory<br /> Register r10 information: non-paged memory<br /> Register r11 information: non-paged memory<br /> Register r12 information: non-paged memory<br /> Process reboot (pid: 51, stack limit = 0xc80046d9)<br /> Stack: (0xe0851d30 to 0xe0852000)<br /> 1d20: c4759380 fbd77200 000005ff 002b9c70<br /> 1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058<br /> 1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c<br /> 1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468<br /> 1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810<br /> 1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00<br /> 1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8<br /> 1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854<br /> 1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000<br /> 1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60<br /> 1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4<br /> 1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /> 1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058<br /> 1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028<br /> 1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc<br /> 1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000<br /> msm_atomic_commit_tail from commit_tail+0x9c/0x188<br /> commit_tail from drm_atomic_helper_commit+0x160/0x188<br /> drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0<br /> drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0<br /> drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140<br /> drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240<br /> device_shutdown from kernel_restart+0x38/0x90<br /> kernel_restart from __do_sys_reboot+0x<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19.17 (including) 6.0 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.0.3 (including) 6.1 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1 (including) 6.1.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools