NULL Pointer Dereference Affecting linux-5.10 package, versions <5.10.209-2~deb10u1


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN10-LINUX510-7371053
  • published26 Jun 2024
  • disclosed23 Feb 2024

Introduced: 23 Feb 2024

CVE-2023-52454  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade Debian:10 linux-5.10 to version 5.10.209-2~deb10u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream linux-5.10 package and not the linux-5.10 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec().

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp] Call trace: process_one_work+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110

Fix the bug by raising a fatal error if DATAL isn't coherent with the packet size. Also, the PDU length should never exceed the MAXH2CDATA parameter which has been communicated to the host in nvmet_tcp_handle_icreq().

CVSS Scores

version 3.1