CVE-2023-52451

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 22, 2024
Updated: Jun 25, 2024
CWE ID 129

Summary

CVE-2023-52451: A vulnerability was discovered in the Linux kernel's powerpc/pseries/memhp component, where the function dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when a lookup fails. The debug message that follows the lookup dereferences an incorrect pointer, potentially leading to a KASAN-detected heap buffer over-read. The issue was identified during a hot-remove memory operation, and the buggy address was traced to an object in the cache kmalloc-128k, specifically located at c000000364e80000. To mitigate this issue, developers are advised to handle failed lookups with caution and only dereference the cursor when it points to a valid entry.
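The bug class in the summary, as an added user-space sketch (not the kernel's code and not the upstream patch): a search loop that leaves its cursor one past the end on a miss, beside a form that only touches the cursor on a match. The struct layout, array contents and function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a drmem LMB entry (fields are assumptions). */
struct lmb { uint32_t drc_index; uint64_t base_addr; };

/* Constructed sample data, not taken from a real system. */
static struct lmb lmbs[] = {
    { 0x80000001u, 0x10000000ull },
    { 0x80000002u, 0x20000000ull },
    { 0x80000003u, 0x30000000ull },
};
#define N_LMBS (sizeof(lmbs) / sizeof(lmbs[0]))

/* Shape of the flaw: returns the cursor that a trailing debug message
 * would dereference. On a miss it equals &lmbs[N_LMBS], one element past
 * the last valid entry, so reading ->base_addr there is out of bounds. */
static const struct lmb *cursor_after_search(uint32_t drc_index)
{
    const struct lmb *lmb;
    for (lmb = lmbs; lmb < lmbs + N_LMBS; lmb++)
        if (lmb->drc_index == drc_index)
            break;
    return lmb;
}

/* Hardened shape: the entry is read only inside the match branch, and a
 * failed lookup gets its own message built from the caller's input. */
static int remove_by_index(uint32_t drc_index, char *msg, size_t len)
{
    const struct lmb *lmb;
    for (lmb = lmbs; lmb < lmbs + N_LMBS; lmb++) {
        if (lmb->drc_index != drc_index)
            continue;
        snprintf(msg, len, "removed LMB at %llx",
                 (unsigned long long)lmb->base_addr);
        return 0;
    }
    snprintf(msg, len, "no LMB with drc index %x", (unsigned)drc_index);
    return -EINVAL;
}

int main(void)
{
    char msg[64];
    int rc = remove_by_index(0xdeadbeefu, msg, sizeof(msg));
    printf("rc=%d: %s\n", rc, msg);
    return 0;
}
```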
