CVE-2023-52465 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

power: supply: Fix null pointer dereference in smb2_probe

devm_kasprintf and devm_kzalloc return a pointer to dynamically
allocated memory which can be NULL upon failure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data.

Advisories

Source	ID	Title
Ubuntu USN	USN-6818-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6818-2	Linux kernel (ARM laptop) vulnerabilities
Ubuntu USN	USN-6818-3	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-6818-4	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-6819-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6819-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6819-3	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6819-4	Linux kernel (Oracle) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212
https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76
https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a
https://nvd.nist.gov/vuln/detail/CVE-2023-52465
https://www.cve.org/CVERecord?id=CVE-2023-52465

History

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-25T08:16:30.088Z

Updated: 2025-05-04T07:37:17.837Z

Reserved: 2024-02-20T12:30:33.296Z

Link: CVE-2023-52465

Vulnrichment

Updated: 2024-08-02T23:03:19.593Z

NVD

Status : Modified

Published: 2024-02-26T16:27:48.537

Modified: 2024-11-21T08:39:50.053

Link: CVE-2023-52465

Redhat

Severity : Low

Publid Date: 2024-02-26T00:00:00Z

Links: CVE-2023-52465 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52465", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.296Z", "datePublished": "2024-02-25T08:16:30.088Z", "dateUpdated": "2025-05-04T07:37:17.837Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:37:17.837Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: Fix null pointer dereference in smb2_probe\n\ndevm_kasprintf and devm_kzalloc return a pointer to dynamically\nallocated memory which can be NULL upon failure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/power/supply/qcom_pmi8998_charger.c"], "versions": [{"version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "e2717302fbc20f148bcda362facee0444b949a3a", "status": "affected", "versionType": "git"}, {"version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "bd3d2ec447ede9da822addf3960a5f4275e3ae76", "status": "affected", "versionType": "git"}, {"version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "88f04bc3e737155e13caddf0ba8ed19db87f0212", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/power/supply/qcom_pmi8998_charger.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.7.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a"}, {"url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76"}, {"url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212"}], "title": "power: supply: Fix null pointer dereference in smb2_probe", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T21:25:27.290658Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:59.073Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.593Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.593Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T21:25:27.290658Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.933Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "power: supply: Fix null pointer dereference in smb2_probe", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "e2717302fbc20f148bcda362facee0444b949a3a", "versionType": "git"}, {"status": "affected", "version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "bd3d2ec447ede9da822addf3960a5f4275e3ae76", "versionType": "git"}, {"status": "affected", "version": "8648aeb5d7b70e13264ff5f444f22081d37d4670", "lessThan": "88f04bc3e737155e13caddf0ba8ed19db87f0212", "versionType": "git"}], "programFiles": ["drivers/power/supply/qcom_pmi8998_charger.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.5"}, {"status": "unaffected", "version": "0", "lessThan": "6.5", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/power/supply/qcom_pmi8998_charger.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a"}, {"url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76"}, {"url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: Fix null pointer dereference in smb2_probe\n\ndevm_kasprintf and devm_kzalloc return a pointer to dynamically\nallocated memory which can be NULL upon failure."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "6.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:37:17.837Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52465", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:37:17.837Z", "dateReserved": "2024-02-20T12:30:33.296Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-25T08:16:30.088Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEB24C6C-17A5-4F5F-8CFC-03547EC0A568", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: Fix null pointer dereference in smb2_probe\n\ndevm_kasprintf and devm_kzalloc return a pointer to dynamically\nallocated memory which can be NULL upon failure."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: se corrigi\u00f3 la desreferencia del puntero nulo en smb2_probe, devm_kasprintf y devm_kzalloc devuelven un puntero a la memoria asignada din\u00e1micamente que puede ser NULL en caso de falla."}], "id": "CVE-2023-52465", "lastModified": "2024-11-21T08:39:50.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:48.537", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88f04bc3e737155e13caddf0ba8ed19db87f0212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd3d2ec447ede9da822addf3960a5f4275e3ae76"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e2717302fbc20f148bcda362facee0444b949a3a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}