5.5

CVE-2023-53470

ionic: catch failure from devlink_alloc

In the Linux kernel, the following vulnerability has been resolved:

ionic: catch failure from devlink_alloc

Add a check for NULL on the alloc return.  If devlink_alloc() fails and
we try to use devlink_priv() on the NULL return, the kernel gets very
unhappy and panics. With this fix, the driver load will still fail,
but at least it won't panic the kernel.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4 < 5.15.112
LinuxLinux Kernel Version >= 5.16 < 6.1.29
LinuxLinux Kernel Version >= 6.2 < 6.2.16
LinuxLinux Kernel Version >= 6.3 < 6.3.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0020c16c8af7f4bc9503a2088fb30793b6771fac
Patch
https://git.kernel.org/stable/c/0d02efe7f25158c93146e3bb827bc7bb3cd5e71a
Patch
https://git.kernel.org/stable/c/4a54903ff68ddb33b6463c94b4eb37fc584ef760
Patch
https://git.kernel.org/stable/c/5325f50de5b1433b27dda7ccff5cb7283722a3f1
Patch
https://git.kernel.org/stable/c/c177dd465f5c1e5f242cdb9258826c591c257e9a
Patch