CVE-2023-53005

In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9	Patch
https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6	Patch
https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949	Patch
https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4	Patch
https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840	Patch
https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc5::::::

History

14 Apr 2025, 20:52

Type	Values Removed	Values Added
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel:6.2:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: trace_events_hist: se ha añadido una comprobación del valor de retorno de 'create_hist_field'. La función 'create_hist_field' se llama recursivamente en trace_events_hist.c:1954 y puede devolver un valor nulo. Por ello, es necesario comprobarla para evitar la desreferencia de punteros nulos. Encontrada por el Centro de Verificación de Linux (linuxtesting.org) con SVACE.
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9 -~~	() https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9 - Patch
References	~~() https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6 -~~	() https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6 - Patch
References	~~() https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949 -~~	() https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949 - Patch
References	~~() https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4 -~~	() https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4 - Patch
References	~~() https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840 -~~	() https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840 - Patch
References	~~() https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a -~~	() https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a - Patch

27 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 17:15

Updated : 2025-04-14 20:52

NVD link : CVE-2023-53005

Mitre link : CVE-2023-53005

CVE.ORG link : CVE-2023-53005

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10