CVE-2023-53005

In the Linux kernel, the following vulnerability has been resolved:

trace_events_hist: add check for return value of 'create_hist_field'

Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
linuxlinux_kernel
4.17 ≤
𝑥
< 4.19.272
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.231
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.166
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.91
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.9
linuxlinux_kernel
6.2:rc1
linuxlinux_kernel
6.2:rc2
linuxlinux_kernel
6.2:rc3
linuxlinux_kernel
6.2:rc4
linuxlinux_kernel
6.2:rc5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.19-1
fixed
sid
6.12.20-1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9
https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6
https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949
https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4
https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840
https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a