CVE-2023-52984

Summary

CVE-2023-52984 is a vulnerability affecting the Linux kernel's net: phy: dp83822 driver. This issue pertains to the probe function, which is only used for the DP83822 PHY but leaves the private data pointer uninitialized for smaller DP83825/26 models. While the private data structure is exclusively used in 82822-specific callbacks, the interrupt configuration is shared among all models. Consequently, a NULL pointer dereference occurs when the kernel attempts to access the uninitialized private data on smaller PHYs, potentially leading to system instability or crashes. By verifying the pointer before access, this vulnerability can be mitigated.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.