CVE-2023-52467 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c	Patch
https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1	Patch
https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001	Patch
https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973	Patch
https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875	Patch
https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-25T08:16:31.745Z

Updated: 2024-05-28T19:49:58.542Z

Reserved: 2024-02-20T12:30:33.297Z

Link: CVE-2023-52467

JSON object: View

NVD Information

Status : Modified

Published: 2024-02-26T16:27:48.657

Modified: 2024-06-25T21:15:53.350

Link: CVE-2023-52467

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52467", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.297Z", "datePublished": "2024-02-25T08:16:31.745Z", "dateUpdated": "2024-05-28T19:49:58.542Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:49:58.542Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: syscon: Fix null pointer dereference in of_syscon_register()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mfd/syscon.c"], "versions": [{"version": "e15d7f2b81d2", "lessThan": "927626a20738", "status": "affected", "versionType": "git"}, {"version": "e15d7f2b81d2", "lessThan": "c3e3a2144bf5", "status": "affected", "versionType": "git"}, {"version": "e15d7f2b81d2", "lessThan": "527e8c5f3d00", "status": "affected", "versionType": "git"}, {"version": "e15d7f2b81d2", "lessThan": "3ef1130deee9", "status": "affected", "versionType": "git"}, {"version": "e15d7f2b81d2", "lessThan": "7f2c410ac470", "status": "affected", "versionType": "git"}, {"version": "e15d7f2b81d2", "lessThan": "41673c66b3d0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mfd/syscon.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875"}, {"url": "https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b"}, {"url": "https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001"}, {"url": "https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c"}, {"url": "https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973"}, {"url": "https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}], "title": "mfd: syscon: Fix null pointer dereference in of_syscon_register()", "x_generator": {"engine": "bippy-a5840b7849dd"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB2CF71-A47E-4390-B675-6597A78D6ADE", "versionEndExcluding": "5.10.209", "versionStartIncluding": "5.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B", "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9", "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: syscon: Fix null pointer dereference in of_syscon_register()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mfd: syscon: corrige la desreferencia del puntero nulo en of_syscon_register() kasprintf() devuelve un puntero a la memoria asignada din\u00e1micamente que puede ser NULL en caso de falla."}], "id": "CVE-2023-52467", "lastModified": "2024-06-25T21:15:53.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:48.657", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}