PT-2021-7679 · Linux+3 · Linux Kernel+3

Published

2021-12-22

Updated

2024-02-27

CVE-2023-23006

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.13

Description The issue is related to the misinterpretation of the mlx5 get uars page return value in the dr domain.c file of the Linux kernel, which expects it to be NULL in the error case, but it is actually an error pointer. This can lead to a denial of service.

Recommendations For versions prior to 5.15.13, update to version 5.15.13 or later to resolve the issue.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-253

Related Identifiers

ALT-PU-2022-1015

ALT-PU-2022-1016

ALT-PU-2022-1026

ALT-PU-2022-1051

ALT-PU-2022-1108

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

ALT-PU-2023-4894

BDU:2023-01216

CVE-2023-23006

OPENSUSE-SU-2023_2646-1

OPENSUSE-SU-2023_2871-1

SUSE-SU-2023:0778-1

SUSE-SU-2023:0779-1

SUSE-SU-2023:0780-1

SUSE-SU-2023:2140-1

SUSE-SU-2023:2141-1

SUSE-SU-2023:2231-1

SUSE-SU-2023:2646-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2871-1

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Suse

PT-2021-7679 · Linux+3 · Linux Kernel+3

CVE-2023-23006

Weakness Enumeration

Related Identifiers

Affected Products

References · 633