CVE-2023-52567

MEDIUM

Linux Kernel 4.14.315-4.14.326 - NULL Pointer Dereference in serial8250_handle_irq

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a case we need to skip the wake event as we came to this path from the timer interrupt and quite likely system is already awake. Without this fix we have got an Oops: serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A ... BUG: kernel NULL pointer dereference, address: 0000000000000010 RIP: 0010:serial8250_handle_irq+0x7c/0x240 Call Trace: ? serial8250_handle_irq+0x7c/0x240 ? __pfx_serial8250_timeout+0x10/0x10

References (8)

Core 8

Scores

CVSS v3 5.5
EPSS 0.0023
EPSS Percentile 13.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (30)
Linux/Linux < 6.4
Linux/Linux 0ba9e3a13c6adfa99e32b2576d20820ab10ad48a - 3345cc5f02f1fb4c4dcb114706f2210d879ab933
Linux/Linux 0ba9e3a13c6adfa99e32b2576d20820ab10ad48a - cce7fc8b29961b64fadb1ce398dc5ff32a79643b
Linux/Linux 0bd49a043c7984c93c2a0af41222fb71c3986a4e - c334650150c29234b0923476f51573ae1b2f252a
Linux/Linux 4.14.315 - 4.14.327
Linux/Linux 4.14.327 - 4.14.*
Linux/Linux 4.19.283 - 4.19.296
Linux/Linux 4.19.296 - 4.19.*
Linux/Linux 424cf29296354d7b9c6c038aaa7bb71782100851 - 2b837f13a818f96304736453ac53b66a70aaa4f2
Linux/Linux 5.10.180 - 5.10.198
... and 20 more
Published Mar 02, 2024
Tracked Since Feb 18, 2026