CVE-2023-52893

MEDIUM EPSS 15.0%
Published Aug 21, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 21, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥3.0  –  <4.14.304
linuxlinux_kernel*≥4.15  –  <4.19.271
linuxlinux_kernel*≥4.20  –  <5.4.230
linuxlinux_kernel*≥5.5  –  <5.10.165
linuxlinux_kernel*≥5.11  –  <5.15.90
linuxlinux_kernel*≥5.16  –  <6.1.8
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5
    Patch