CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation. Add validation of the request structure pointer before dereference.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c	Patch
https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea	Patch
https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7	Patch
https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c	Patch
https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea	Patch
https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc1::::::

History

19 Mar 2025, 16:11

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.6:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c -~~	() https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c - Patch
References	~~() https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea -~~	() https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea - Patch
References	~~() https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7 -~~	() https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7 - Patch

Information

Published : 2024-03-02 22:15

Updated : 2025-03-19 16:11

NVD link : CVE-2023-52508

Mitre link : CVE-2023-52508

CVE.ORG link : CVE-2023-52508

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-52508", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-02T22:15:47.493", "references": [{"url": "https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-fc: evita la desreferencia del puntero nulo en nvme_fc_io_getuuid() La estructura nvme_fc_fcp_op que describe una operaci\u00f3n AEN se inicializa con un puntero de estructura de solicitud nula. Un FC LLDD puede realizar una llamada a nvme_fc_io_getuuid pasando un puntero a nvmefc_fcp_req para una operaci\u00f3n AEN. Agregue la validaci\u00f3n del puntero de la estructura de la solicitud antes de la desreferencia."}], "lastModified": "2025-03-19T16:11:52.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9889AA5E-5419-4E5A-8A95-FB5F9494E850", "versionEndExcluding": "6.1.56"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3", "versionEndExcluding": "6.5.6", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}