CVE-2023-52866

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-rc2+

Description The vulnerability is related to a user-memory-access bug in the uclogic params ugee v2 init event hooks() function. When CONFIG HID UCLOGIC=y and CONFIG KUNIT ALL TESTS=y, the bug occurs, causing a general protection fault. The issue arises when hid test uclogic params cleanup event hooks() calls uclogic params ugee v2 init event hooks() with a null argument, leading to a null pointer dereference in uclogic params ugee v2 has battery(). The vulnerability can be exploited to cause a denial of service.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the uclogic params ugee v2 init event hooks() function. Specifically, update to a version later than 6.6.0-rc2+.

As a temporary workaround, consider disabling the uclogic params ugee v2 init event hooks() function until a patch is available. However, this may have unintended consequences and should be approached with caution.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.