Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
CVE-2023-6679

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: kernel; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Extended Update Support; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 11 December 2023

Summary

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

References

https://access.redhat.com/errata/RHSA-2024:0439

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0448

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0461

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2023
Vulnerability Reserved
Dec 11, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Xingyuan Mo ((IceSword Lab)) for reporting this issue.