Bug 1217944 (CVE-2023-6679) - VUL-0: CVE-2023-6679: kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
Summary: VUL-0: CVE-2023-6679: kernel: NULL pointer dereference in dpll_pin_parent_pin...
Status: RESOLVED FIXED
Alias: CVE-2023-6679
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/387545/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-6679:5.5:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-11 12:56 UTC by SMASH SMASH
Modified: 2024-06-25 18:02 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-12-11 12:56:45 UTC 
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in Digital Phase Locked Loop (DPLL) subsystem in the  Linux kernel, which could be exploited to trigger denial of service.

References:
https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6679
Comment 1 Gabriele Sonnu 2023-12-11 12:58:11 UTC 
Patch:

https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/

Offending commit (9d71b54b65b1) found in:

- SLE15-SP6
Comment 3 Thomas Bogendoerfer 2024-01-05 08:47:32 UTC 
Fix is now in SLE15-SP6
Comment 13 Robert Frohl 2024-06-10 09:29:59 UTC 
done