CVE-2023-23005

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23005
** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 Issue Tracking Patch Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 Mailing List Patch Release Notes
https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:*:*:*:*
History

13 Mar 2023, 15:23

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:*:*:*:*
CWE CWE-476
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 - Mailing List, Patch, Release Notes
References (MISC) https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee - (MISC) https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee - Patch
References (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 - (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 - Issue Tracking, Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

02 Mar 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 -
Summary In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). ** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

01 Mar 2023, 20:34

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-01 20:15

Updated : 2024-08-02 11:15

NVD link : CVE-2023-23005

Mitre link : CVE-2023-23005

CVE.ORG link : CVE-2023-23005

JSON object : View

Products Affected

suse

  • linux_enterprise_server

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference