CVE-2023-54010
Description
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA commit 0d5f467d6a0ba852ea3aad68663cbcbd43300fd4
ACPI_ALLOCATE_ZEROED may fail, object_info might be null and will cause null pointer dereference later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a null pointer dereference in ACPICA's acpi_db_display_objects could occur if ACPI_ALLOCATE_ZEROED fails.
Vulnerability
The flaw is in the Linux kernel's ACPICA subsystem, specifically in the acpi_db_display_objects function. The root cause is that the return value of ACPI_ALLOCATE_ZEROED is not checked for NULL before use. If the memory allocation fails, object_info will be NULL, leading to a null pointer dereference when the code later attempts to access members of that structure [1][2][3].
Exploitation
To trigger this vulnerability, an attacker would need to cause a memory allocation failure within the kernel, which could be achieved by exhausting system memory or through other means that force ACPI_ALLOCATE_ZEROED to return NULL. The attack surface is local, as the function is part of the ACPI debugger interface, which typically requires root privileges to access. However, if an unprivileged user can somehow invoke this code path, they might be able to trigger the null dereference.
Impact
Successful exploitation results in a kernel NULL pointer dereference, which typically causes a system crash (kernel panic). This is a denial-of-service (DoS) vulnerability. There is no evidence from the provided sources that this can lead to privilege escalation or arbitrary code execution.
Mitigation
The vulnerability has been patched in the Linux kernel stable releases. The fix involves adding a NULL check after the allocation and returning an appropriate error code if the allocation fails. Users should update their kernel to a version that includes the commit that addresses this issue [1][2][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
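The check described under Mitigation, shown as an added example: a user-space model with a fault-injecting allocator, not the kernel's or ACPICA's code. The names alloc_zeroed, display_objects, run_case and the status values are hypothetical stand-ins, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not the kernel's definitions. */
enum status { ST_OK = 0, ST_NO_MEMORY = 1 };
#define NUM_TYPES 4
struct object_info { unsigned int types[NUM_TYPES]; unsigned int total; };
/* Fault injection: the Nth allocation from now fails (0 = never fail). */
static int fail_countdown;

static void *alloc_zeroed(size_t size)
{
    if (fail_countdown > 0 && --fail_countdown == 0)
        return NULL;                    /* simulated out-of-memory */
    return calloc(1, size);
}

/* Patched pattern: test the allocation before the first member access. */
static enum status display_objects(const unsigned int *seen, size_t n,
                                   unsigned int *total_out)
{
    struct object_info *info = alloc_zeroed(sizeof(*info));

    if (!info)                          /* without this, info->... below faults */
        return ST_NO_MEMORY;
    for (size_t i = 0; i < n; i++) {
        if (seen[i] < NUM_TYPES)
            info->types[seen[i]]++;
        info->total++;
    }
    *total_out = info->total;
    free(info);
    return ST_OK;
}

/* Run once; fail_on = 1 forces the first allocation to fail. */
static enum status run_case(int fail_on, unsigned int *total_out)
{
    static const unsigned int seen[] = { 0, 2, 2, 3 };  /* constructed input */
    fail_countdown = fail_on;
    return display_objects(seen, sizeof(seen) / sizeof(seen[0]), total_out);
}

int main(void)
{
    unsigned int total = 0;
    int ok = run_case(0, &total), oom = run_case(1, &total);
    printf("normal=%d total=%u alloc-failure=%d\n", ok, total, oom);
    return 0;
}
```

Forcing the allocation to fail in a test is the practical way to confirm that the error path returns cleanly instead of dereferencing NULL.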
Affected products (2)
Patches (8)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/35d67ffad6f5d78dbd800d354f5334c7b71a19e0 (nvd)
- git.kernel.org/stable/c/978e0d05547ae707d51a942fc7e85a34e181ee6f (nvd)
- git.kernel.org/stable/c/ae5a0eccc85fc960834dd66e3befc2728284b86c (nvd)
- git.kernel.org/stable/c/c409eb45f5ddae2e3b3faa76cefc87f3cd0d0e88 (nvd)
- git.kernel.org/stable/c/c9fcb2cfcbd4d7018d9f659f5b670f5b727d1968 (nvd)
- git.kernel.org/stable/c/d997c920a5305b37f0b8a40501b5aca10d099ecd (nvd)
- git.kernel.org/stable/c/ed2e1e85644ca3d351324e9927a538c8af4df654 (nvd)
- git.kernel.org/stable/c/fee6133490091492dc66bcf71479bd53bd17a7d2 (nvd)