CVE-2023-52585 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a
https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49
https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626
https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b
https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915
https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680
https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lore.kernel.org/linux-cve-announce/2024030643-CVE-2023-52585-7dbc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52585
https://www.cve.org/CVERecord?id=CVE-2023-52585

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-06T06:45:20.389Z

Updated: 2024-09-12T16:02:56.000Z

Reserved: 2024-03-02T21:55:42.570Z

Link: CVE-2023-52585

Vulnrichment

Updated: 2024-08-02T23:03:21.290Z

NVD

Status : Awaiting Analysis

Published: 2024-03-06T07:15:07.290

Modified: 2024-06-27T14:15:12.767

Link: CVE-2023-52585

Redhat

Severity : Moderate

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2023-52585 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52585", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.570Z", "datePublished": "2024-03-06T06:45:20.389Z", "dateUpdated": "2024-09-12T16:02:56.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:51:45.182Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "467139546f3f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0eb296233f86", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7e6d6f27522b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "92cb363d16ac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c364e7a34c85", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "195a6289282e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b8d55a90fd55", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "versions": [{"version": "5.4.277", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.218", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.160", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.92", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.32", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}], "title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T15:58:01.323059Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:40.671Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:56.000Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.290Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T15:58:01.323059Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.858Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "467139546f3f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0eb296233f86", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7e6d6f27522b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "92cb363d16ac", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c364e7a34c85", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "195a6289282e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b8d55a90fd55", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.277", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.218", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.160", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.92", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.32", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:51:45.182Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52585", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:03:21.290Z", "dateReserved": "2024-03-02T21:55:42.570Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:20.389Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "id": "2268335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268335"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\nReturn invalid error code -EINVAL for invalid block id.\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)", "A vulnerability was found in the amdgpu_ras_query_error_status_helper() function in the Linunx kernel which could lead to a possible NULL pointer dereference, causing data corruption or crashes."], "name": "CVE-2023-52585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52585\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52585\nhttps://lore.kernel.org/linux-cve-announce/2024030643-CVE-2023-52585-7dbc@gregkh/T"], "statement": "Red Hat Enterprise Linux 8 is not impacted by this vulnerability, as it does not contain the vulnerable amdgpu_ras_query_error_status_helper() function.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.7.4, kernel 6.8-rc1"}