Null Pointer Dereference Vulnerability in Linux Kernel Affects Multiple Versions
CVE-2023-53332

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 September 2025

What is CVE-2023-53332?

A vulnerability exists in the Linux kernel related to the handling of interrupt requests, specifically where a NULL pointer can inadvertently be dereferenced if an invalid interrupt number is passed. This issue arises during the execution of ipi_send_{mask|single}() functions when local variables are not properly validated, leading to a kernel oops in the irq_data_get_affinity_mask() function. A missing NULL pointer check in ipi_send_verify() exacerbates the issue, allowing for potential disruption in system operations. A patch addressing this vulnerability has been introduced to enhance system reliability and security.

Affected Version(s)

Linux 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b < 926aef60ea64cd9becf2829f7388f48dbe8bcb11

Linux 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b < 7448c73d64075051f50caed2c62f46553b69ab8a

Linux 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b

References

https://git.kernel.org/stable/c/926aef60ea64cd9becf2829f7...
https://git.kernel.org/stable/c/7448c73d64075051f50caed2c...
https://git.kernel.org/stable/c/feabecaff5902f896531dde90...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-53332 : Null Pointer Dereference Vulnerability in Linux Kernel Affects Multiple Versions