CVE-2023-52448

Summary

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in gfs2_rgrp_dump() to prevent that.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < efc8ef87ab9185a23d5676f2f7d986022d91bcdeaffected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < 5c28478af371a1c3fdb570ca67f110e1ae60fc37affected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < ee0586d73cbaf0e7058bc640d62a9daf2dfa9178affected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < d69d7804cf9e2ba171a27e5f98bc266f13d0414aaffected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < 067a7c48c2c70f05f9460d6f0e8423e234729f05affected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < c323efd620c741168c8e0cc6fc0be04ab57e331aaffected
LinuxLinux72244b6bc752b5c496f09de9a13c18adc314a53c < 8877243beafa7c6bfc42022cbfdf9e39b25bd4faaffected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.268 <= 5.4.*unaffected
LinuxLinux5.10.209 <= 5.10.*unaffected
LinuxLinux5.15.148 <= 5.15.*unaffected
LinuxLinux6.1.75 <= 6.1.*unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References