CVE-2023-52815

drm/amdgpu/vkms: fix a possible null pointer dereference

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/vkms: fix a possible null pointer dereference

In amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_cvt_mode(). Add a check to avoid null pointer
dereference.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu/vkms: soluciona una posible desreferencia del puntero null. En amdgpu_vkms_conn_get_modes(), el valor de retorno de drm_cvt_mode() se asigna al modo, lo que provocará una desreferencia del puntero NULL en falla de drm_cvt_mode(). Agregue una marca para evitar la desreferencia del puntero null.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-24 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/eaa03ea366c85ae3cb69c8d4bbc67c8bc2167a27	2023-11-28
https://git.kernel.org/stable/c/33fb1a555354bd593f785935ddcb5d9dd4d3847f	2023-11-28
https://git.kernel.org/stable/c/8c6c85a073768df68c1a3fea143d013a38c66d34	2023-11-28
https://git.kernel.org/stable/c/70f831f21155c692bb336c434936fd6f24f3f81a	2023-11-28
https://git.kernel.org/stable/c/cd90511557fdfb394bb4ac4c3b539b007383914c	2023-10-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.140 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.140"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.64 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7"		en		Affected