CVE-2023-52744

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix potential NULL-ptr-dereference

in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux146b9756f14c04894226fb97e2f102f217139c27 < 8f5fe1cd8e6a97f94840b55f59ed08cbc397086faffected
LinuxLinux146b9756f14c04894226fb97e2f102f217139c27 < 360682fe7df262d94fae54f737c487bec0f9190daffected
LinuxLinux146b9756f14c04894226fb97e2f102f217139c27 < 5d9745cead1f121974322b94ceadfb4d1e67960eaffected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.94 <= 5.15.*unaffected
LinuxLinux6.1.12 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References