VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54178

Description

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()

When kmalloc() fails to allocate memory in kasprintf(), name or full_name will be NULL, and strcmp() will cause a null pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the Linux kernel's of_unittest_find_node_by_name() when kmalloc() fails, leading to a potential crash.

Vulnerability

Overview

CVE-2023-54178 is a null pointer dereference vulnerability in the Linux kernel's Device Tree (OF) unit test function of_unittest_find_node_by_name(). The root cause is that the function uses kasprintf() to allocate memory for the name and full_name strings, but does not check if the allocation succeeds. If kmalloc() fails, kasprintf() returns NULL, and the subsequent strcmp() call dereferences the NULL pointer, causing a kernel crash [1][2].

Exploitation

This vulnerability is triggered during the execution of the OF unit tests, which are typically run during kernel self-tests or debugging. An attacker would need to be able to influence memory allocation to cause kmalloc() to fail, for example by exhausting system memory. The attack surface is limited to systems where the OF unit tests are enabled and executed, and the attacker must have some ability to affect kernel memory pressure [3][4].

Impact

Successful exploitation leads to a denial of service (DoS) via a kernel NULL pointer dereference, resulting in a system crash or hang. The vulnerability does not allow for privilege escalation or arbitrary code execution, as it only causes a panic when the NULL pointer is accessed, since that memory is unmapped [1][2].

Mitigation

The fix has been applied to the Linux kernel stable branches. Users should update to a kernel version containing the commit that adds a NULL check before the strcmp() call. No workaround is available other than applying the patch or disabling the OF unit tests if they are not needed [3][4].
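The unchecked and checked patterns side by side, as an added user-space example (not the kernel's code and not the actual patch). It assumes a hypothetical kasprintf_model() standing in for kasprintf(), a constructed fail_alloc knob that simulates kmalloc() failure, and constructed node names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int fail_alloc;  /* constructed knob: nonzero forces allocation failure */

/* User-space stand-in for kasprintf(): returns NULL when allocation fails. */
static char *kasprintf_model(const char *fmt, ...)
{
    va_list ap;
    char *buf;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    buf = (fail_alloc || len < 0) ? NULL : malloc((size_t)len + 1);
    if (!buf)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* Unchecked pattern from the advisory: strcmp() dereferences NULL on failure. */
int name_matches_unchecked(const char *node, const char *want)
{
    char *name = kasprintf_model("%s", node);
    int ok = !strcmp(want, name);   /* crashes if name == NULL */
    free(name);
    return ok;
}

/* Checked pattern: 1 = match, 0 = mismatch, -1 = allocation failed. */
int name_matches_checked(const char *node, const char *want)
{
    char *name = kasprintf_model("%s", node);
    if (!name)
        return -1;                  /* fail the check instead of crashing */
    int ok = !strcmp(want, name);
    free(name);
    return ok;
}

int main(void)
{
    fail_alloc = 1;                 /* simulate kmalloc() failure */
    return name_matches_checked("/node-a", "/node-a") == -1 ? 0 : 1;
}
```

Keeping the allocation-failure result distinct from a plain mismatch lets a test harness report "out of memory" rather than a misleading comparison failure.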

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

9

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9
