Learn about CVE-2023-3355, a medium-severity vulnerability in the Linux kernel's `drivers/gpu/drm/msm/msm_gem_submit.c` code. Impact, affected systems, and mitigation strategies included.
CVE-2023-3355 was published on June 28, 2023, and is a null pointer dereference vulnerability found in the Linux kernel's `drivers/gpu/drm/msm/msm_gem_submit.c` code. This vulnerability has a medium severity rating and affects certain versions of Red Hat Enterprise Linux and Fedora.
Understanding CVE-2023-3355
This section will discuss the details, impact, affected systems, and mitigation strategies related to CVE-2023-3355.
What is CVE-2023-3355?
CVE-2023-3355 is a null pointer dereference flaw found in the `submit_lookup_cmds` function within the Linux kernel's code. This flaw occurs due to the absence of a check for the return value of `kmalloc()`. An attacker with local access can exploit this vulnerability to crash the system.
The Impact of CVE-2023-3355
The impact of this vulnerability is considered medium, with a CVSS base score of 4.7. It can lead to a denial of service (DoS) condition by allowing a local user to crash the system.
Technical Details of CVE-2023-3355
This section covers specific technical details regarding the vulnerability.
Vulnerability Description
The code in `drivers/gpu/drm/msm/msm_gem_submit.c` fails to check the return value of `kmalloc()`, which results in a null pointer dereference and enables a local user to crash the system.
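The bug class described above, shown as an added userspace model that is not the kernel's code: an allocation inside a per-command loop whose result is checked before use, with earlier allocations released on failure. All names (`struct cmd`, `model_kmalloc`, `lookup_cmds_checked`, `fail_after`) are hypothetical, and `malloc()`/`memcpy()` stand in for the kernel allocation and the write into the new buffer, which is an assumption about how the buffer is used.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not the kernel's. */
struct cmd { void *relocs; size_t nr_relocs; };
static int fail_after = -1; /* fault injection: -1 = allocations never fail */

/* Stand-in for kmalloc(): returns NULL once the injected budget is spent. */
static void *model_kmalloc(size_t sz)
{
    if (fail_after == 0)
        return NULL;
    if (fail_after > 0)
        fail_after--;
    return malloc(sz);
}

/* Copy each command's relocation table; 0 on success, -ENOMEM on failure. */
static int lookup_cmds_checked(struct cmd *cmds, size_t n,
                               const void *const *user_relocs, size_t reloc_sz)
{
    size_t i;
    for (i = 0; i < n; i++) {
        size_t sz = cmds[i].nr_relocs * reloc_sz;
        cmds[i].relocs = model_kmalloc(sz);
        if (!cmds[i].relocs)  /* the return-value check the flaw omits */
            goto unwind;
        memcpy(cmds[i].relocs, user_relocs[i], sz); /* NULL dest if unchecked */
    }
    return 0;
unwind:
    while (i-- > 0) { /* release tables allocated before the failure */
        free(cmds[i].relocs);
        cmds[i].relocs = NULL;
    }
    return -ENOMEM;
}

int main(void)
{
    unsigned int a[2] = {1, 2}, b[2] = {3, 4};
    const void *user[2] = {a, b};
    struct cmd cmds[2] = {{NULL, 2}, {NULL, 2}};
    fail_after = 1; /* constructed scenario: second allocation fails */
    printf("ret=%d\n", lookup_cmds_checked(cmds, 2, user, sizeof(a[0])));
    return 0;
}
```

Without the check, the failed allocation would reach `memcpy()` as a NULL destination, which is the crash condition the advisory describes; with it, the caller gets `-ENOMEM` and no partially built state.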
Affected Systems and Versions
The affected systems include Red Hat Enterprise Linux 6, 7, 8, 9, and Fedora, with certain versions of the kernel being impacted.
Exploitation Mechanism
An attacker with local access could exploit this vulnerability by leveraging the lack of validation in the `submit_lookup_cmds` function.
Mitigation and Prevention
To address CVE-2023-3355, it is essential to implement immediate steps and long-term security practices to protect affected systems and prevent exploitation.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Refer to the provided links for official patch releases and updates from Red Hat to mitigate the CVE-2023-3355 vulnerability in affected systems.
Red Hat acknowledges Jiasheng Jiang from the Institute of Software, Chinese Academy of Sciences for reporting this vulnerability.