CVE-2023-52686: powerpc/powernv: Add a null pointer check in opal_event_init()
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check in opaleventinit()
kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv: Add a null pointer check in opaleventinit()
The Linux kernel CVE team has assigned CVE-2023-52686 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051752-CVE-2023-52686-4a08@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by the lack of a null pointer check in opaleventinit(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52686?
CVE-2023-52686 is classified as a medium severity vulnerability due to its potential impact on system stability and security.
How do I fix CVE-2023-52686?
To fix CVE-2023-52686, update the Linux kernel to one of the patched versions listed in the vulnerability report.
Which Linux kernel versions are affected by CVE-2023-52686?
CVE-2023-52686 affects multiple kernel versions prior to 4.19.306, 5.4.268, 5.10.209, 5.15.148, 6.1.75, 6.6.14, 6.7.2, and 6.8.
What does the vulnerability CVE-2023-52686 involve?
CVE-2023-52686 involves a null pointer dereference due to lack of checks in the opal_event_init() function of the Linux kernel.
Is my system at risk if it runs an outdated kernel vulnerable to CVE-2023-52686?
Yes, running an outdated kernel that is vulnerable to CVE-2023-52686 puts your system at risk of crashes and potential exploitation.