CVE-2023-52809: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved:
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checking the return value of fc_rport_create() and logging an error message if fc_rport_create() fails.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
The Linux kernel CVE team has assigned CVE-2023-52809 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052102-CVE-2023-52809-f07c@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in fc_lport_ptp_setup(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2023-52809?
CVE-2023-52809 has a moderate severity rating due to the potential for a NULL pointer dereference leading to system instability.
How do I fix CVE-2023-52809?
To mitigate CVE-2023-52809, update the Linux kernel to versions 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, or later.
Which Linux kernel versions are affected by CVE-2023-52809?
CVE-2023-52809 affects multiple versions of the Linux kernel prior to 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, and 6.6.3.
Is there a workaround for CVE-2023-52809?
There is no known workaround for CVE-2023-52809, and the recommended solution is to apply the appropriate kernel updates.
What component of the Linux kernel is impacted by CVE-2023-52809?
CVE-2023-52809 specifically impacts the SCSI subsystem within the Linux kernel, highlighting an issue in the fc_lport_ptp_setup() function.
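One way to apply the fixed-release list from the FAQ above to a host inventory, as an added example that is not part of the original advisory. The function name, the result labels and the vendor-suffix heuristic are assumptions; the comparison is only meaningful for upstream stable version numbers, because distribution kernels backport fixes without changing the base version.

```python
import re

# Fixed release per stable branch, copied from the FAQ answer above.
FIXED_PATCH = {
    (4, 14): 331, (4, 19): 300, (5, 4): 262, (5, 10): 202,
    (5, 15): 140, (6, 1): 64, (6, 5): 13, (6, 6): 3,
}
NEWEST_LISTED_BRANCH = max(FIXED_PATCH)  # (6, 6)

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
# Heuristic (assumption): only a bare version or an -rcN tag is treated as upstream.
_UPSTREAM_SUFFIX = re.compile(r"^(-rc\d+)?$")


def classify(release: str) -> str:
    """Classify a `uname -r` style string against the CVE-2023-52809 fix list.

    Returns 'fixed', 'vulnerable', 'unknown' (branch has no fixed release in
    the list) or 'vendor-build' (check the vendor advisory instead).
    """
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if not _UPSTREAM_SUFFIX.match(m.group(4)):
        # e.g. "-91-generic" or ".el8": the base version says nothing
        # about backported fixes, so do not guess.
        return "vendor-build"
    if branch in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[branch] else "vulnerable"
    if branch > NEWEST_LISTED_BRANCH:
        return "fixed"  # later than 6.6.3
    return "unknown"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for sample in ("6.6.2", "6.6.3", "5.10.201", "6.3.9", "5.15.0-91-generic"):
        print(f"{sample:20} {classify(sample)}")
```

A 'vendor-build' or 'unknown' result means the version string alone cannot settle the question; use the distribution's own advisory for CVE-2023-52809 in that case.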