Login Sign Up

CVE-2023-52809

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's libfc module, specifically in the fc_lport_ptp_setup() function. If exploited, it could cause a kernel panic or system crash, affecting systems running vulnerable Linux kernel versions with Fibre Channel over Ethernet (FCoE) functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions referenced in the git commits (exact ranges depend on distribution backports)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when FCoE (Fibre Channel over Ethernet) functionality is enabled and configured. Most systems don't use FCoE by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic resulting in denial of service requiring system reboot.

🟢

If Mitigated

Minimal impact if FCoE functionality is disabled or system is patched.

🌐 Internet-Facing: LOW - This vulnerability requires local access or specialized network access to FCoE interfaces.
🏢 Internal Only: MEDIUM - Internal systems with FCoE storage connectivity could be affected by local users or network attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific code path in fc_lport_ptp_setup() with conditions that cause fc_rport_create() to return NULL.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the referenced git commits

Vendor Advisory: https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable FCoE module

linux

Prevent loading of the vulnerable libfc module by blacklisting it

echo 'blacklist libfc' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

Unload FCoE module

linux

Remove the currently loaded libfc module if not in use

modprobe -r libfc

🧯 If You Can't Patch

  • Disable FCoE functionality in system configuration
  • Restrict access to systems to prevent local exploitation

🔍 How to Verify

Check if Vulnerable:

Check if libfc module is loaded: lsmod | grep libfc. If loaded and kernel version is vulnerable, system is at risk.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update matches patched version and verify libfc module functions normally if needed.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • NULL pointer dereference errors mentioning fc_lport_ptp_setup

Network Indicators:

  • Unexpected FCoE connection failures or resets

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND "fc_lport_ptp_setup"

📊 Metadata

CVE ID: CVE-2023-52809
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: May 21, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52809, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)