PT-2024-14743 · Linux+3 · Linux Kernel+3

Paulo Da Silva

Published

2023-11-13

Updated

2025-02-03

CVE-2023-52780

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to the page pool get stats function in the mvneta driver. Calling this function without checks can lead to kernel crashes. The page pool is only available if the bm is not used, and it is not allocated when the port is stopped or in case of errors. This can cause a kernel NULL pointer dereference at virtual address 00000070, resulting in a crash. The issue is triggered when calling ethstats on a port that is down or at the wrong moment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-10562

CVE-2023-52780

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-14743 · Linux+3 · Linux Kernel+3

CVE-2023-52780

Weakness Enumeration

Related Identifiers

Affected Products

References · 1929