5.5

CVE-2023-53005

trace_events_hist: add check for return value of 'create_hist_field'

In the Linux kernel, the following vulnerability has been resolved:

trace_events_hist: add check for return value of 'create_hist_field'

Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 4.19.272
LinuxLinux Kernel Version >= 4.20 < 5.4.231
LinuxLinux Kernel Version >= 5.5 < 5.10.166
LinuxLinux Kernel Version >= 5.11 < 5.15.91
LinuxLinux Kernel Version >= 5.16 < 6.1.9
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a
Patch
https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9
Patch
https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949
Patch
https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6
Patch
https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840
Patch
https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4
Patch