PT-2023-8773 · Linux+6 · Linux Kernel+6

Zhaolong Wang · Published 2023-12-22 · Updated 2025-09-29 · CVE-2023-52449

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a NULL pointer dereference in the Linux kernel's mtd module, triggered when the ftl notifier runs and tries to access gluebi->desc in gluebi_read(). This occurs when both ftl.ko and gluebi.ko are loaded. In the normal case, gluebi->desc is obtained in gluebi_get_device() and then accessed in gluebi_read(), but gluebi_get_device() is not executed in advance in the ftl_add_mtd() process, leading to the NULL pointer dereference. The solution involves running jffs2 on the UBI volume without considering working with ftl or mtdblock. This problem can be avoided by preventing gluebi from creating the mtdblock device after creating an mtd partition of the type MTD_UBIVOLUME.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
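
The ordering problem in the description, as an added userspace C model (not kernel code and not taken from any patch): the descriptor is set only in gluebi_get_device(), the notifier path reads without it, and a type check on MTD_UBIVOLUME keeps that path from running. The function bodies, the enum values and notify_add_guarded() are assumptions made for illustration.

```c
/* Userspace model, not kernel code. gluebi->desc, gluebi_get_device(),
 * gluebi_read(), ftl_add_mtd() and MTD_UBIVOLUME are the page's names;
 * bodies, enum values and notify_add_guarded() are hypothetical. */
#include <stddef.h>

enum mtd_type { MTD_OTHER, MTD_UBIVOLUME };
struct gluebi_device { enum mtd_type type; const char *desc; int refcnt; };
static const char volume[] = "constructed-volume-data";

/* Normal path: the descriptor is obtained here, before any read. */
static int gluebi_get_device(struct gluebi_device *g)
{
    if (g->refcnt++ == 0)
        g->desc = volume;
    return 0;
}

/* The kernel dereferences gluebi->desc here; the model returns -1 at the
 * point where that dereference would hit NULL. */
static int gluebi_read(const struct gluebi_device *g, size_t off, char *out)
{
    if (g->desc == NULL)
        return -1;
    *out = g->desc[off];
    return 0;
}

/* Notifier path from the description: a read with no gluebi_get_device(). */
static int ftl_add_mtd(struct gluebi_device *g)
{
    char c;
    return gluebi_read(g, 0, &c);
}

/* Avoidance from the description: MTD_UBIVOLUME devices get no block-layer
 * user. Returns 1 if the notifier ran (result in *rc), 0 if skipped. */
static int notify_add_guarded(struct gluebi_device *g, int *rc)
{
    if (g->type == MTD_UBIVOLUME)
        return 0;
    *rc = ftl_add_mtd(g);
    return 1;
}

int main(void)
{
    struct gluebi_device g = { MTD_UBIVOLUME, NULL, 0 };
    int rc = 0;
    return notify_add_guarded(&g, &rc); /* 0: UBI volume skipped */
}
```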

Exploit

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17576
ALT-PU-2024-3291
ALT-PU-2024-4263
ALT-PU-2024-4623
ALT-PU-2024-4843
BDU:2024-01858
CVE-2023-52449
DLA-3840-1
DLA-3841-1
OESA-2024-1296
OESA-2024-1297
OESA-2024-1298
OESA-2024-1299
OESA-2024-1300
OESA-2024-1301
OPENSUSE-SU-2024_0857-1
OPENSUSE-SU-2024_0858-1
SUSE-SU-2024:0855-1
SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0858-1
SUSE-SU-2024:0900-1
SUSE-SU-2024:0900-2
SUSE-SU-2024:0910-1
SUSE-SU-2024:0925-1
SUSE-SU-2024:0926-1
SUSE-SU-2024:0975-1
SUSE-SU-2024:0976-1
SUSE-SU-2024:0977-1
SUSE-SU-2024:1669-1
USN-6688-1
USN-6725-1
USN-6725-2
USN-6726-1
USN-6726-2
USN-6726-3
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6926-1
USN-6926-2
USN-6926-3
USN-6938-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu