CVE-2023-52472: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52472 is a vulnerability in the Linux kernel's crypto RSA implementation that was discovered and patched in late 2023. The vulnerability stems from a missing allocation failure check in the mpi_alloc() function, which could potentially lead to a NULL pointer dereference. This issue affects Linux kernel versions from 6.5.0 up to (excluding) 6.6.14 and versions from 6.7.0 up to (excluding) 6.7.2 (NVD).

The vulnerability exists in the RSA cryptographic subsystem of the Linux kernel, specifically in the allocation check for mpi_alloc() function. While small allocations typically don't fail in current kernels, static code analyzers identified a potential NULL pointer dereference scenario. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability was introduced in a previous commit related to RSA FIPS mode implementation (Kernel Patch).

The vulnerability's impact is considered medium severity, primarily affecting system availability. While the likelihood of exploitation is low since small allocations typically don't fail in current kernels, a successful exploit could potentially cause a system crash through a NULL pointer dereference (Ubuntu).

The vulnerability has been patched in the Linux kernel by adding an explicit allocation failure check. The fix involves adding a simple check for NULL return from mpi_alloc() and returning -ENOMEM in case of allocation failure. The patch has been backported to affected stable kernel versions (Kernel Patch).