CVE-2023-52744

MEDIUM

Linux Kernel 5.14 - NULL Pointer Dereference in in_dev_for_each_ifa_rtnl

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev beforehand. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/8f5fe1cd8e6a97f94840b55f59ed08cbc397086f

Patch

https://git.kernel.org/stable/c/360682fe7df262d94fae54f737c487bec0f9190d

Patch

https://git.kernel.org/stable/c/5d9745cead1f121974322b94ceadfb4d1e67960e

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (10)

Linux/Linux < 5.14

Linux/Linux 146b9756f14c04894226fb97e2f102f217139c27 - 360682fe7df262d94fae54f737c487bec0f9190d

Linux/Linux 146b9756f14c04894226fb97e2f102f217139c27 - 5d9745cead1f121974322b94ceadfb4d1e67960e

Linux/Linux 146b9756f14c04894226fb97e2f102f217139c27 - 8f5fe1cd8e6a97f94840b55f59ed08cbc397086f

Linux/Linux 5.14

Linux/Linux 5.15.94 - 5.15.*

Linux/Linux 6.1.12 - 6.1.*

Linux/Linux 6.2

linux/linux_kernel 6.2 rc1 (7 CPE variants)

linux/linux_kernel 5.14 - 5.15.94

Published May 21, 2024

Tracked Since Feb 18, 2026