How severe is CVE-2023-52898?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2023-52898?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2023-52898

MEDIUM Year: 2023

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-476

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev() which frees the xhci->devs[slot_id] virt device at the same time that xhci_kill_endpoint_urbs() tries to loop through all the device's endpoints, checking if there are any cancelled urbs left to give back. hold the xhci spinlock while freeing the virt device

CVE-2005-3274

MEDIUM

CVSS:4.7(Medium)

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a c...

CWE-4762005

CVE-2017-5969

MEDIUM

CVSS:4.7(Medium)

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a...

CWE-4762017

CVE-2018-1065

MEDIUM

CVSS:4.7(Medium)

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service...

CWE-4762018

CVE-2018-5729

MEDIUM

CVSS:4.7(Medium)

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container che...

CWE-4762018

CVE-2019-10207

MEDIUM

CVSS:4.7(Medium)

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth ...

CWE-4762019

CVE-2019-16230

MEDIUM

CVSS:4.7(Medium)

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer state...

CWE-4762019

CVE-2023-52898

Vulnerability Description

Related Vulnerabilities

CVE-2005-3274

CVE-2017-5969

CVE-2018-1065

CVE-2018-5729

CVE-2019-10207

CVE-2019-16230