CVE-2023-52465: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52465 is a vulnerability in the Linux kernel's power supply subsystem, specifically affecting the smb2_probe function. The vulnerability was discovered in late 2023 and involves a null pointer dereference issue in the Qualcomm PMI8998 SMB2 Charger driver. The affected versions include Linux kernel versions from 6.5.0 up to (excluding) 6.6.14, and from 6.7.0 up to (excluding) 6.7.2 (NVD).

The vulnerability stems from improper handling of memory allocation failures in the smb2_probe function. Specifically, the devm_kasprintf and devm_kzalloc functions return pointers to dynamically allocated memory which can be NULL upon failure, but these NULL returns were not properly checked. This issue was introduced in commit 8648aeb5d7b7 which added the Qualcomm PMI8998 SMB2 Charger driver. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a null pointer dereference, which could result in a system crash when the affected code path is triggered. This primarily affects systems using the Qualcomm PMI8998 SMB2 Charger driver (Kernel Patch).

The vulnerability has been fixed through patches that add proper NULL pointer checks after memory allocation calls. The fix has been implemented in various Linux distributions, including Ubuntu 23.10 (linux 6.5.0-41.41) and other affected versions. Users should update their systems to the patched versions (Ubuntu).