CVE-2023-52470: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52470 is a vulnerability in the Linux kernel's Radeon display driver, specifically in the radeon_crtc_init() function. The vulnerability was discovered on February 26, 2024, affecting Linux kernel versions from 3.16.0 up to versions before 4.19.306, 5.4.268, 5.10.209, and 5.15.148. The issue involves an unchecked return value from alloc_workqueue that could lead to a null pointer dereference (NVD).

The vulnerability stems from a failure to check the return value of alloc_workqueue in the radeon_crtc_init() function within the DRM/Radeon display driver. This could potentially lead to a null pointer dereference. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability was introduced by commit fa7f517cb26e which reworked page flip handling (Kernel Patch).

The vulnerability could result in a system crash due to null pointer dereference when the memory allocation fails. However, the impact is limited as it requires local access and is unlikely for an attacker to be able to influence the conditions necessary to trigger the vulnerability (Ubuntu).

The vulnerability has been fixed by adding proper return value checking for alloc_workqueue in the radeon_crtc_init() function. The fix has been backported to multiple kernel versions and is available in Linux kernel versions 4.19.306, 5.4.268, 5.10.209, and 5.15.148 and later. Various Linux distributions have released patches, including Ubuntu, Debian, and Red Hat (Kernel Patch).