CVE-2023-52450

perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()

Get logical socket id instead of physical id in discover_upi_topology()
to avoid out-of-bound access on 'upi = &type->topology[nid][idx];' line
that leads to NULL pointer dereference in upi_fill_topology()

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perf/x86/intel/uncore: solucione el problema de desreferencia del puntero NULL en upi_fill_topology(). Obtenga la identificación del socket lógico en lugar de la identificación física en discover_upi_topology() para evitar el acceso fuera de límites en 'upi = &tipo->topología[nid][idx];' línea que conduce a la desreferencia del puntero NULL en upi_fill_topology()

A vulnerability was discovered in the Linux kernel in which certain CPU topologies could result in a null pointer dereference, affecting system stability.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-22 CVE Published
2024-03-19 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/f680b6e6062ef3c944ffc966d685f067958fca33	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015	2024-01-25
https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e	2024-01-25
https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4	2023-11-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52450	2024-07-24
https://bugzilla.redhat.com/show_bug.cgi?id=2265649	2024-07-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.8"		en		Affected