1220869 – (CVE-2023-52573) VUL-0: CVE-2023-52573: kernel: net: rds: Fix possible NULL-pointer dereference

Bug 1220869 (CVE-2023-52573) - VUL-0: CVE-2023-52573: kernel: net: rds: Fix possible NULL-pointer dereference

Summary: VUL-0: CVE-2023-52573: kernel: net: rds: Fix possible NULL-pointer dereference

Status:	IN_PROGRESS

Alias:	CVE-2023-52573

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	David Sterba
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/396096/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-52573:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-03-04 12:21 UTC by SMASH SMASH
Modified:	2024-07-17 20:33 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-03-04 12:21:16 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: rds: Fix possible NULL-pointer dereference

In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists
before dereferencing it as rdma_set_service_type() argument

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52573
https://www.cve.org/CVERecord?id=CVE-2023-52573
https://git.kernel.org/stable/c/069ac51c37a6f07a51f7134d8c34289075786a35
https://git.kernel.org/stable/c/51fa66024a5eabf270164f2dc82a48ffb35a12e9
https://git.kernel.org/stable/c/812da2a08dc5cc75fb71e29083ea20904510ac7a
https://git.kernel.org/stable/c/ea82139e6e3561100d38d14401d57c0ea93fc07e
https://git.kernel.org/stable/c/f1d95df0f31048f1c59092648997686e3f7d9478
https://git.kernel.org/stable/c/f515112e833791001aaa8ab886af3ca78503617f

Comment 1 Gabriele Sonnu 2024-03-04 12:29:30 UTC

Offending commit (fd261ce6a30e) found in:

 - SLE15-SP4
 - SLE15-SP5
 - SLE15-SP6
 - cve/linux-5.3
 - stable

only SLE15-SP6 and stable already contain the fixing commit (812da2a08dc5), tracking other branches as affected.

Comment 2 Petr Mladek 2024-03-05 12:51:06 UTC

Denis, could you please take care of this bug? Feel free to reassign it if you know about better candidate.