Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54049

Description

In the Linux kernel, the following vulnerability has been resolved:

rpmsg: glink: Add check for kstrdup

Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing return-value check for kstrdup() in the Linux kernel's rpmsg glink driver could lead to a NULL pointer dereference.

Vulnerability

In the Linux kernel's rpmsg glink driver, the function kstrdup() is called without checking its return value. If memory allocation fails, kstrdup() returns NULL, and the subsequent use of this pointer without validation can lead to a NULL pointer dereference [1][2][3].

Exploitation

An attacker would need to trigger a memory allocation failure in the kernel, which could be achieved by exhausting system memory or through other means that cause kstrdup() to fail. The vulnerability is in the rpmsg glink driver, which is used for inter-processor communication in systems like Qualcomm platforms. Exploitation requires the ability to trigger the vulnerable code path, which may involve sending crafted rpmsg messages or other interactions with the driver.

Impact

A successful NULL pointer dereference can cause a kernel crash (denial of service). In some configurations, it might be exploitable for privilege escalation if the dereference occurs in a context where an attacker can control the subsequent memory access, but the primary impact is system instability.

Mitigation

The fix adds a check for the return value of kstrdup() and returns an error if it fails, preventing the NULL pointer dereference. The patch has been applied to the stable kernel branches as indicated by the referenced commits [1][2][3]. Users should update their kernels to include this fix.
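A userspace C model of the unchecked and checked patterns described above, added here as an illustration and not taken from the kernel patch. The names model_kstrdup(), struct model_channel, channel_init_unchecked(), channel_init_checked() and try_checked(), and the choice of -ENOMEM as the returned error, are assumptions; a constructed fault injector stands in for allocation failure.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault injection: fail the Nth duplication (0 = never). */
static int fail_at, alloc_count;

/* Userspace stand-in for kstrdup(): NULL on allocation failure. */
static char *model_kstrdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = (fail_at && ++alloc_count == fail_at) ? NULL : malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

struct model_channel { char *name; size_t name_len; }; /* hypothetical */

/* "Before" pattern: result used unchecked, so a failed allocation is dereferenced. */
int channel_init_unchecked(struct model_channel *ch, const char *name)
{
    ch->name = model_kstrdup(name);
    ch->name_len = strlen(ch->name);
    return 0;
}

/* "After" pattern: test the pointer and hand the error back to the caller. */
int channel_init_checked(struct model_channel *ch, const char *name)
{
    ch->name = model_kstrdup(name);
    if (!ch->name)
        return -ENOMEM; /* assumed errno; the page only says "return the error" */
    ch->name_len = strlen(ch->name);
    return 0;
}

/* Run the checked path with the fail_nth-th duplication forced to fail. */
int try_checked(int fail_nth, const char *name)
{
    struct model_channel ch = { 0 };
    int rc;
    fail_at = fail_nth;
    alloc_count = 0;
    rc = channel_init_checked(&ch, name);
    free(ch.name);
    return rc;
}

int main(void) { return try_checked(1, "glink") == -ENOMEM ? 0 : 1; }
```

Only the checked path is exercised under fault injection; the unchecked function is kept for side-by-side reading.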

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 9

References: 9