CVE-2023-52448
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
22/02/2024
Last modified:
04/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump<br />
<br />
Syzkaller has reported a NULL pointer dereference when accessing<br />
rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating<br />
rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in<br />
gfs2_rgrp_dump() to prevent that.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.268 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.10.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.15.148 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16.0 (including) | 6.1.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2.0 (including) | 6.6.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7.0 (including) | 6.7.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05
- https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37
- https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa
- https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a
- https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a
- https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178
- https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde