CVE-2023-52471: ice: Fix some null pointer dereference issues in ice_ptp.c
First published: Sun Feb 25 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.7.0<=6.7.2 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf
- https://git.kernel.org/stable/c/3cd9b9bee33f39f6c6d52360fe381b89a7b12695
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2266348
- https://lwn.net/Articles/964793/
- https://lwn.net/Articles/723317/
- https://lwn.net/Articles/627419/
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://bugzilla.redhat.com/show_bug.cgi?id=2266347
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-52471?
CVE-2023-52471 is classified as having a moderate severity due to potential null pointer dereference issues in the Linux kernel.
How do I fix CVE-2023-52471?
To fix CVE-2023-52471, update your Linux kernel to a version greater than 6.7.2.
Which versions of the Linux kernel are affected by CVE-2023-52471?
CVE-2023-52471 affects Linux kernel versions between 6.7.0 and 6.7.2 inclusive.
What components are impacted by CVE-2023-52471?
CVE-2023-52471 impacts the ice driver within the Linux kernel.
Is CVE-2023-52471 exploitable in production environments?
Yes, CVE-2023-52471 could potentially be exploited in production environments due to the nature of the null pointer dereference.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-52471
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.7.0
- version/linux kernel/6.7.2
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2