How severe is CVE-2023-52492?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2023-52492?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2023-52492

MEDIUM Year: 2023

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-476

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [...] [ 1.484499] Call trace: [ 1.486930] device_del+0x40/0x394 [ 1.490314] device_unregister+0x20/0x7c [ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0 Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL. Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function.

CVE-2017-12153

MEDIUM

CVSS:4.4(Medium)

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are p...

CWE-4762017

CVE-2018-16852

MEDIUM

CVSS:4.4(Medium)

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or th...

CWE-4762018

CVE-2019-20806

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka ...

CWE-4762019

CVE-2020-15437

MEDIUM

CVSS:4.4(Medium)

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service ...

CWE-4762020

CVE-2020-25639

MEDIUM

CVSS:4.4(Medium)

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This fla...

CWE-4762020

CVE-2020-35505

MEDIUM

CVSS:4.4(Medium)

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This fl...

CWE-4762020

CVE-2023-52492

Vulnerability Description

Related Vulnerabilities

CVE-2017-12153

CVE-2018-16852

CVE-2019-20806

CVE-2020-15437

CVE-2020-25639

CVE-2020-35505