Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-52492
HistoryMar 11, 2024 - 12:00 a.m.

CVE-2023-52492

2024-03-1100:00:00
ubuntu.com
ubuntu.com
7
linux kernel
dmaengine
null pointer vulnerability
unregistration function

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fix NULL pointer in channel unregistration function
__dma_async_device_channel_register() can fail. In case of failure,
chan->local is freed (with free_percpu()), and chan->local is nullified.
When dma_async_device_unregister() is called (because of managed API or
intentionally by DMA controller driver), channels are unconditionally
unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle
kernel NULL pointer dereference at virtual address 00000000000000d0 […] [
1.484499] Call trace: [ 1.486930] device_del+0x40/0x394 [ 1.490314]
device_unregister+0x20/0x7c [ 1.494220]
__dma_async_device_channel_unregister+0x68/0xc0 Look at
dma_async_device_register() function error path, channel device
unregistration is done only if chan->local is not NULL. Then add the same
condition at the beginning of __dma_async_device_channel_unregister()
function, to avoid NULL pointer issue whatever the API used to reach this
function.

Notes

Author Note
rodrigo-zaiden USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.

References

Related

redhatcve 1
cvelist 1
debiancve 1
nvd 1
prion 1
cve 1
nessus 30
openvas 28
osv 16
ubuntu 9
slackware 1
debian 1
redhatcve
redhatcve
CVE-2023-52492
2024-03-12 16:11:38
cvelist
cvelist
CVE-2023-52492 dmaengine: fix NULL pointer in channel unregistration function
2024-02-29 15:52:10
debiancve
debiancve
CVE-2023-52492
2024-03-11 18:15:16
nvd
nvd
CVE-2023-52492
2024-03-11 18:15:16
prion
prion
Null pointer dereference
2024-03-11 18:15:00
cve
cve
CVE-2023-52492
2024-03-11 18:15:16
nessus
nessus
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-517)
2024-02-20 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-039)
2024-03-06 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-053)
2024-04-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1320-1)
2024-04-19 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1321-1)
2024-04-19 00:00:00
Ubuntu: Security Advisory (USN-6766-1)
2024-05-08 00:00:00
osv
osv
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities
2024-05-07 19:22:43
linux-hwe-5.15, linux-raspi vulnerabilities
2024-05-15 15:15:08
linux-aws, linux-aws-5.15 vulnerabilities
2024-05-20 13:05:13
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-05-15 00:00:00
Linux kernel (AWS) vulnerabilities
2024-05-20 00:00:00
Linux kernel vulnerabilities
2024-05-07 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11
debian
debian
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON
Related for UB:CVE-2023-52492
redhatcve1cvelist1debiancve1nvd1prion1cve1nessus30openvas28osv16ubuntu9slackware1debian1