CVE-2023-53470

In the Linux kernel, the following vulnerability has been resolved:

ionic: catch failure from devlink_alloc

Add a check for NULL on the alloc return.  If devlink_alloc() fails and
we try to use devlink_priv() on the NULL return, the kernel gets very
unhappy and panics. With this fix, the driver load will still fail,
but at least it won't panic the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.153-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.16.8-1
fixed
sid
6.16.9-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0020c16c8af7f4bc9503a2088fb30793b6771fac
https://git.kernel.org/stable/c/0d02efe7f25158c93146e3bb827bc7bb3cd5e71a
https://git.kernel.org/stable/c/4a54903ff68ddb33b6463c94b4eb37fc584ef760
https://git.kernel.org/stable/c/5325f50de5b1433b27dda7ccff5cb7283722a3f1
https://git.kernel.org/stable/c/c177dd465f5c1e5f242cdb9258826c591c257e9a