CVE-2023-52585 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Netapp	H610c H610c Firmware H610s H610s Firmware H615c H615c Firmware
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a
https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49
https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626
https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b
https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915
https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680
https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lore.kernel.org/linux-cve-announce/2024030643-CVE-2023-52585-7dbc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52585
https://security.netapp.com/advisory/ntap-20240912-0009/
https://www.cve.org/CVERecord?id=CVE-2023-52585

History

Fri, 14 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware
CPEs		cpe:2.3:h:netapp:h610c:-:::::::* cpe:2.3:h:netapp:h610s:-:::::::* cpe:2.3:h:netapp:h615c:-:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:netapp:h610c_firmware:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::*
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html https://security.netapp.com/advisory/ntap-20240912-0009/

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 06 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-06T06:45:20.389Z

Updated: 2025-05-04T07:39:15.124Z

Reserved: 2024-03-02T21:55:42.570Z

Link: CVE-2023-52585

Vulnrichment

Updated: 2024-09-12T16:02:56.000Z

NVD

Status : Analyzed

Published: 2024-03-06T07:15:07.290

Modified: 2025-03-14T18:57:42.090

Link: CVE-2023-52585

Redhat

Severity : Moderate

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2023-52585 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52585", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.570Z", "datePublished": "2024-03-06T06:45:20.389Z", "dateUpdated": "2025-05-04T07:39:15.124Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:39:15.124Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "467139546f3fb93913de064461b1a43a212d7626", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0eb296233f86750102aa43b97879b8d8311f249a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7e6d6f27522bcd037856234b720ff607b9c4a09b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "195a6289282e039024ad30ba66e6f94a4d0fbe49", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b8d55a90fd55b767c25687747e2b24abd1ef8680", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "versions": [{"version": "5.4.277", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.218", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.160", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.92", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.32", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.277"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.218"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.92"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}], "title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-06T15:58:01.323059Z", "id": "CVE-2023-52585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:09:44.599Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:56.000Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:56.000Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T15:58:01.323059Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.858Z"}}], "cna": {"title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "467139546f3fb93913de064461b1a43a212d7626", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0eb296233f86750102aa43b97879b8d8311f249a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7e6d6f27522bcd037856234b720ff607b9c4a09b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "92cb363d16ac1e41c9764cdb513d0e89a6ff4915", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c364e7a34c85c2154fb2e47561965d5b5a0b69b1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "195a6289282e039024ad30ba66e6f94a4d0fbe49", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b8d55a90fd55b767c25687747e2b24abd1ef8680", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.277", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.218", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.160", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.92", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.32", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.277"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.218"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.160"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.92"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.32"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:39:15.124Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52585", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:39:15.124Z", "dateReserved": "2024-03-02T21:55:42.570Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:20.389Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "700BC119-5E42-40C5-98D6-59BFBDFAB9A9", "versionEndExcluding": "6.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C621E4C1-8A64-4242-B99B-5E199F908D5B", "versionEndExcluding": "5.4.277", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "86AE14FD-2318-4BF1-87B3-9ED387996A2F", "versionEndExcluding": "5.10.218", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8E5CAF7-5C25-4293-A351-83C489ECF96B", "versionEndExcluding": "5.15.160", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E8DFDEB-F911-42FB-A55F-B84A9C556F01", "versionEndExcluding": "6.1.92", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "18199311-EF79-4480-85B0-6AD00C70A7BE", "versionEndExcluding": "6.6.32", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78", "versionEndExcluding": "6.7.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige una posible desreferencia NULL en amdgpu_ras_query_error_status_helper() Devuelve un c\u00f3digo de error no v\u00e1lido -EINVAL para una identificaci\u00f3n de bloque no v\u00e1lida. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 error amdgpu_ras_query_error_status_helper(): anteriormente asumimos que la 'informaci\u00f3n' podr\u00eda ser nula (consulte la l\u00ednea 1176)"}], "id": "CVE-2023-52585", "lastModified": "2025-03-14T18:57:42.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-06T07:15:07.290", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://security.netapp.com/advisory/ntap-20240912-0009/"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()", "id": "2268335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268335"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\nReturn invalid error code -EINVAL for invalid block id.\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)", "A vulnerability was found in the amdgpu_ras_query_error_status_helper() function in the Linunx kernel which could lead to a possible NULL pointer dereference, causing data corruption or crashes."], "name": "CVE-2023-52585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52585\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52585\nhttps://lore.kernel.org/linux-cve-announce/2024030643-CVE-2023-52585-7dbc@gregkh/T"], "statement": "Red Hat Enterprise Linux 8 is not impacted by this vulnerability, as it does not contain the vulnerable amdgpu_ras_query_error_status_helper() function.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object