CVE-2023-6679: Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
First published: Mon Dec 11 2023(Updated: )
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel, which could be exploited to trigger denial of service. Refer: <a href="https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/">https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Fedoraproject Fedora | =38 | |
| Red Hat Enterprise Linux | =9.0 | |
| IBM InfoSphere Guardium z/OS | <=12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2253987
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0439
- https://access.redhat.com/errata/RHSA-2024:0448
- https://bugzilla.redhat.com/show_bug.cgi?id=2253986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/274774
- https://www.ibm.com/support/pages/node/7152469 (Advisory)
- https://access.redhat.com/security/cve/CVE-2023-6679
Frequently Asked Questions
What is the severity of CVE-2023-6679?
CVE-2023-6679 has a severity rating that indicates a potential denial of service risk due to a null pointer dereference vulnerability.
How do I fix CVE-2023-6679?
To fix CVE-2023-6679, update to the latest version of the Linux Kernel or applicable distributions that have patched this vulnerability.
Which software versions are affected by CVE-2023-6679?
CVE-2023-6679 affects the Linux Kernel, Fedora 38, Red Hat Enterprise Linux 9.0, and IBM InfoSphere Guardium up to version 12.0.
What could be the impact of exploiting CVE-2023-6679?
Exploiting CVE-2023-6679 could lead to a denial of service, causing affected systems to become unresponsive.
Is there a workaround for CVE-2023-6679?
Currently, the best resolution for CVE-2023-6679 is to apply the latest updates or patches provided by your Linux distribution.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-6679
- agent/severity
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- vendor/linux
- canonical/linux kernel
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/9.0
- vendor/ibm
- canonical/ibm infosphere guardium z/os
- version/ibm infosphere guardium z/os/12.0