CVE-2023-6915: 
Linux Kernel vulnerability analysis and mitigation

A Null pointer dereference vulnerability was discovered in ida_free function within lib/idr.c of the Linux Kernel. The vulnerability was disclosed on January 15, 2024, affecting Linux Kernel versions up to (excluding) 6.7. The issue occurs when ida_free calls the xas_load function which returns a null value, assigning NULL to the bitmap variable (NVD, Red Hat Bugzilla).

The vulnerability stems from a missing check in the ida_free function. When xas_load returns a null value and assigns it to the bitmap variable, the if (xa_is_value(bitmap)) check fails and execution jumps to the else branch. In this branch, the statement if (!test_bit(bit, bitmap->bitmap)) attempts to reference the member of bitmap, triggering a null pointer dereference. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

This vulnerability can allow an attacker using the affected library to cause a denial of service condition due to a missing check at a function return. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in Linux kernel version 6.7 with commit af73483f4e8b6f5c68c9aa63257bdd929a9c194a. The fix includes adding proper null checks before accessing the bitmap member. Various Linux distributions have also released patches, including Red Hat Enterprise Linux through security advisories RHSA-2024:2394, RHSA-2024:2950, and RHSA-2024:3138 (GitHub Commit, Red Hat).