CVE-2023-52607: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtablecacheadd
kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtablecacheadd
The Linux kernel CVE team has assigned CVE-2023-52607 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030647-CVE-2023-52607-75d1@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52607?
CVE-2023-52607 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2023-52607?
To fix CVE-2023-52607, update your Linux kernel to one of the patched versions listed in the vulnerability report.
Which versions of the Linux kernel are affected by CVE-2023-52607?
CVE-2023-52607 affects multiple kernel versions, including those prior to 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, and 6.8.
What kind of issue does CVE-2023-52607 represent in the Linux kernel?
CVE-2023-52607 represents a null-pointer dereference vulnerability in the Linux kernel's powerpc/mm implementation.
Is there a specific mitigation for CVE-2023-52607 prior to patching?
There is no specific mitigation for CVE-2023-52607 other than updating the kernel; users should apply the patches as soon as possible.