CVE-2023-3355

Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c

Published: 6/28/2023 Last updated: 3/5/2025 Reserved: 6/21/2023

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (10)

Product	Vendor	Version
Fedora	Fedora	< 8f96aa67c2ccbd7e41b8dc992b8d13cfe206d571
Red Hat Enterprise Linux 6	Red Hat	< 62b2caef400c1738b6d22f636c628d9f85cd4c4c
Red Hat Enterprise Linux 7	Red Hat	< 3.18
Red Hat Enterprise Linux 8	Red Hat	<= 6.1.*
Red Hat Enterprise Linux 9	Red Hat	< 2.6.12
Red Hat Enterprise Linux 9	Red Hat	<= *
Red Hat Enterprise Linux 8	Red Hat	2.6.12
Red Hat Enterprise Linux 7	Red Hat	<= 6.0.*
kernel	n/a	3.18
kernel	n/a	< 34d91e555e5582cffdbcbb75517bc9217866823e

References (12)

Credits (2)

Red Hat would like to thank Jiasheng Jiang (Institute of Software Chinese Academy of Sciences) for reporting this issue.
Red Hat would like to thank Jiasheng Jiang (Institute of Software Chinese Academy of Sciences) for reporting this issue.