Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-52449

Disclosure Date: February 22, 2024 •

CVE-2023-52449 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

If both ftl.ko and gluebi.ko are loaded, the notifier of ftl
triggers NULL pointer dereference when trying to access
‘gluebi->desc’ in gluebi_read().

ubi_gluebi_init
ubi_register_volume_notifier

ubi_enumerate_volumes
  ubi_notify_all
    gluebi_notify    nb->notifier_call()
      gluebi_create
        mtd_device_register
          mtd_device_parse_register
            add_mtd_device
              blktrans_notify_add   not->add()
                ftl_add_mtd         tr->add_mtd()
                  scan_header
                    mtd_read
                      mtd_read_oob
                        mtd_read_oob_std
                          gluebi_read   mtd->read()
                            gluebi->desc - NULL

Detailed reproduction information available at the Link [1],

In the normal case, obtain gluebi->desc in the gluebi_get_device(),
and access gluebi->desc in the gluebi_read(). However,
gluebi_get_device() is not executed in advance in the
ftl_add_mtd() process, which leads to NULL pointer dereference.

The solution for the gluebi module is to run jffs2 on the UBI
volume without considering working with ftl or mtdblock [2].
Therefore, this problem can be avoided by preventing gluebi from
creating the mtdblock device after creating mtd partition of the
type MTD_UBIVOLUME.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2023-52449 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52449)

Miscellaneous

https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022

https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745

https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8

https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c

https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5

https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65

https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc

https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6

Rapid7

Hello Everyone! We have made some updates to AttackerKB in the last few months.

New tags:

New workers:

Unknown

CVE-2023-52449

Unknown

Unknown

None

Low

Local

CVE-2023-52449

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Hello Everyone! We have made some updates to AttackerKB in the last few months.

New tags:

New workers:

Unknown

CVE-2023-52449

Unknown

Unknown

None

Low

Local

CVE-2023-52449

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification