CVE-2023-52870 Affecting dlm-kmp-default package, versions <6.4.0-150600.23.14.2
Threat Intelligence
EPSS
0.04% (11th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-DLMKMPDEFAULT-7550552
- published 23 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2023-52870 Open this link in a new tabHow to fix?
Upgrade SLES:15.6 dlm-kmp-default to version 6.4.0-150600.23.14.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream dlm-kmp-default package and not the dlm-kmp-default package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
References
- https://www.suse.com/security/cve/CVE-2023-52870.html
- https://bugzilla.suse.com/1224937
- https://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480
- https://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a
- https://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946
- https://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc
- https://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830
- https://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f
CVSS Scores
version 3.1