CVE-2023-52450

Summary

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()

Get logical socket id instead of physical id in discover_upi_topology() to avoid out-of-bound access on 'upi = &type->topology[nid][idx];' line that leads to NULL pointer dereference in upi_fill_topology()

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf680b6e6062ef3c944ffc966d685f067958fca33 < bf1bf09e6b599758851457f3999779622a48d015affected
LinuxLinuxf680b6e6062ef3c944ffc966d685f067958fca33 < 3d6f4a78b104c65e4256c3776c9949f49a1b459eaffected
LinuxLinuxf680b6e6062ef3c944ffc966d685f067958fca33 < 1692cf434ba13ee212495b5af795b6a07e986ce4affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References