PT-2023-9707 · Linux+3 · Linux Kernel+3

Tomi Valkeinen

Published

2023-09-05

Updated

2025-02-03

CVE-2023-52856

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc2+

Description The vulnerability is related to the lt8912b driver in the Linux kernel, which causes a crash on bridge detach due to a NULL pointer dereference. The driver's bridge detach function calls drm connector unregister() and drm connector cleanup(), but these functions should only be called for connectors explicitly registered with drm connector register(), which is not the case in lt8912b. This results in a kernel crash.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, versions prior to 6.5.0-rc2+ are affected, so updating to 6.5.0-rc2+ or later will resolve the issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability, other than updating to 6.5.0-rc2+ or later.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-10209

CVE-2023-52856

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9707 · Linux+3 · Linux Kernel+3

CVE-2023-52856

Weakness Enumeration

Related Identifiers

Affected Products

References · 2537