CVE-2023-3355

Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c

Published: 6/28/2023 Last updated: 3/5/2025 Reserved: 6/21/2023

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (10)

Product	Vendor	Version
Fedora	Fedora	2.6
Red Hat Enterprise Linux 6	Red Hat	6.0.2
Red Hat Enterprise Linux 7	Red Hat	1.2.1
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	6.0.6
Red Hat Enterprise Linux 9	Red Hat	6.0.6.1
Red Hat Enterprise Linux 8	Red Hat	6.0.2
Red Hat Enterprise Linux 7	Red Hat	2.0
kernel	n/a	n/a
kernel	n/a	n/a

References (6)

Credits (1)

Red Hat would like to thank Jiasheng Jiang (Institute of Software Chinese Academy of Sciences) for reporting this issue.