CVE-2023-54315
Null Pointer Dereference in Linux PowerNV PCI SR-IOV Component
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the powerpc/powernv/sriov code where a pointer named 'iov' is dereferenced before checking if it is null. Dereferencing a null pointer can cause errors or crashes. The fix involves performing a null check on 'iov' before dereferencing it to prevent null pointer dereference errors.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the Linux kernel to dereference a null pointer, potentially leading to system crashes or instability. This can affect system reliability and availability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by applying the patch that moves the null check on the pointer 'iov' before it is dereferenced in the Linux kernel source code. To mitigate this vulnerability, update your Linux kernel to a version that includes this fix.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability was detected using static analysis with cppcheck on the Linux kernel source code, specifically at linux/arch/powerpc/platforms/powernv/pci-sriov.c line 597. To detect this vulnerability on your system, you can run cppcheck static analysis on the affected source file to identify the null pointer dereference issue. Example command: cppcheck --enable=warning linux/arch/powerpc/platforms/powernv/pci-sriov.c