Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-6679
CVE-2023-6679:
Linux Kernel vulnerability analysis and mitigation
Overview
A null pointer dereference vulnerability (CVE-2023-6679) was discovered in the dpll_pin_parent_pin_set() function in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem of the Linux kernel. The vulnerability was reported on December 11, 2023 (NVD, Red Hat).
Technical details
The vulnerability occurs when a user does not pass the DPLL_A_PIN_STATE attribute in the pin set operation message, leading to a null pointer dereference. The issue was identified in the Linux kernel's DPLL subsystem and has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).
Impact
This vulnerability could be exploited to trigger a denial of service condition in affected systems (NVD).
Mitigation and workarounds
A fix has been implemented that sanitizes the null pointer by checking if the attr pointer is not null and only processing the passed state attribute value in that case. The fix has been included in various Linux distributions through security updates, including Red Hat Enterprise Linux via RHSA-2024:0439, RHSA-2024:0448, and RHSA-2024:0461 (Kernel Patch).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management