CVE-2023-23004: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-23004 is a vulnerability in the Linux kernel's ARM Mali Display Processor (Mali-DP) driver, discovered prior to kernel version 5.19. The vulnerability stems from a misinterpretation of the get_sg_table return value in the drivers/gpu/drm/arm/malidp_planes.c file, where the code incorrectly expects NULL in the error case, whereas it actually returns an error pointer (NVD, Ubuntu).

The vulnerability exists in the malidp_planes.c file where the code incorrectly checks for a NULL return value instead of using IS_ERR() to check for error conditions from get_sg_table(). The fix involves changing the condition from if (!sgt) to if (IS_ERR(sgt)) to properly handle error cases (GitHub). The vulnerability has been assigned a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu).

The vulnerability could allow a local attacker to potentially cause a denial of service condition through system crashes. This primarily affects systems using the ARM Mali Display Processor driver (Ubuntu).

The vulnerability has been fixed in Linux kernel version 5.19 and backported to various distribution kernels. Ubuntu has released fixes for affected versions including Ubuntu 22.04 LTS (version 5.15.0-79.86) and Ubuntu 20.04 LTS (version 5.4.0-174.193). Debian has also addressed this in version 5.10.178-3~deb10u1 for Debian 10 (Ubuntu, Debian).