2266212 – (CVE-2023-52467) CVE-2023-52467 kernel:null pointer dereference in of_syscon_register()

Bug 2266212 (CVE-2023-52467) - CVE-2023-52467 kernel:null pointer dereference in of_syscon_register()

Summary: CVE-2023-52467 kernel:null pointer dereference in of_syscon_register()

Keywords:
Status:	NEW
Alias:	CVE-2023-52467
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266333
Blocks:	2266208
TreeView+	depends on / blocked

Reported:	2024-02-27 05:15 UTC by Rohit Keshri
Modified:	2024-11-12 09:19 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:9315	0	None	None	None	2024-11-12 09:19:01 UTC

Description Rohit Keshri 2024-02-27 05:15:19 UTC

In the Linux kernel, the following vulnerability has been resolved:

mfd: syscon: Fix null pointer dereference in of_syscon_register()

kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.

https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c
https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1
https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001
https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973
https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875
https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b

Comment 2 Rohit Keshri 2024-02-27 16:20:06 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266333]

Comment 5 Justin M. Forbes 2024-02-27 18:57:07 UTC

This was fixed for Fedora with the 6.6.14 stable kernel updates.

Comment 8 errata-xmlrpc 2024-11-12 09:18:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
aquini
bhu
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
esandeen
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
ldoskova
lgoncalv
lzampier
mleitner
mmilgram
mstowell
nmurray
ptalbert
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
sukulkar
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang