NULL Pointer Dereference Affecting kernel-livepatch-6.1.79-99.164 package, versions <0:1.0-0.amzn2023


Severity

Recommended
high

Based on Amazon Linux security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-AMZN2023-KERNELLIVEPATCH617999164-7708397
  • published20 Aug 2024
  • disclosed2 Apr 2024

Introduced: 2 Apr 2024

CVE-2023-52631  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade Amazon-Linux:2023 kernel-livepatch-6.1.79-99.164 to version 0:1.0-0.amzn2023 or higher.
This issue was patched in ALAS2023-2024-549.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-livepatch-6.1.79-99.164 package and not the kernel-livepatch-6.1.79-99.164 package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2023 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix an NULL dereference bug

The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line.

CVSS Scores

version 3.1