CVE-2023-52448

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 22, 2024
Updated: Jun 25, 2024
CWE ID 476

Summary

CVE-2023-52448 is a Linux kernel vulnerability that has been addressed. A NULL pointer dereference was identified in the 'gfs2' file system driver, in the function 'gfs2_rgrp_dump()'. The issue arises when 'read_rindex_entry()' fails while creating 'rgd->rd_gl': 'gfs2_rgrp_dump()' then accesses 'rgd->rd_rgl', which can be a NULL pointer. The vulnerability, reported by Syzkaller, could result in a kernel crash or potentially be exploited for malicious purposes. To mitigate this risk, a NULL pointer check has been added to 'gfs2_rgrp_dump()'.
