5.5
CVE-2023-4385
- EPSS 0.22%
- Veröffentlicht 16.08.2023 17:15:11
- Zuletzt bearbeitet 21.11.2024 08:34:58
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kernel: jfs: null pointer dereference in dbfree()
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 5.18.19
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://access.redhat.com/security/cve/CVE-2023-4385
https://bugzilla.redhat.com/show_bug.cgi?id=2219272
https://github.com/torvalds/linux/commit/0d4837fdb796f99369cf7691d33de1b856bcaf1f