CVE-2023-52690

powerpc/powernv: Add a null pointer check to scom_debug_init_one()

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.09%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7 patch mailing list
https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b patch mailing list
https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19 patch mailing list
https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2 patch mailing list
https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9 patch mailing list
https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13 patch mailing list
https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742 patch mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html mailing list

Frequently Asked Questions

What is the severity of CVE-2023-52690?
CVE-2023-52690 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52690?
To fix CVE-2023-52690, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52690 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52690 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52690?
CVE-2023-52690 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.