{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52893", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:07:11.013Z", "datePublished": "2024-08-21T06:10:33.043Z", "dateUpdated": "2025-05-04T07:45:26.097Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:45:26.097Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/google/gsmi.c"], "versions": [{"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ee5763ef829bd923033510de6d1df7c73f085e4b", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "32313c11bdc8a02c577abaf865be3664ab30410a", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ffef77794fb5f1245c3249b86342bad2299accb5", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "eb0421d90f916dffe96b4c049ddf01c0c50620d2", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "6646d769fdb0ce4318ef9afd127f8526d1ca8393", "status": "affected", "versionType": "git"}, {"version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "a769b05eeed7accc4019a1ed9799dd72067f1ce8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/google/gsmi.c"], "versions": [{"version": "3.0", "status": "affected"}, {"version": "0", "lessThan": "3.0", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.304", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.271", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.230", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.165", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.90", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.8", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "4.14.304"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "4.19.271"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "5.4.230"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "5.10.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "5.15.90"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.1.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b"}, {"url": "https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a"}, {"url": "https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5"}, {"url": "https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd"}, {"url": "https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2"}, {"url": "https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393"}, {"url": "https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8"}], "title": "gsmi: fix null-deref in gsmi_get_variable", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:03:53.149409Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:14.166Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:03:53.149409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.608Z"}}], "cna": {"title": "gsmi: fix null-deref in gsmi_get_variable", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ee5763ef829bd923033510de6d1df7c73f085e4b", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "32313c11bdc8a02c577abaf865be3664ab30410a", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ffef77794fb5f1245c3249b86342bad2299accb5", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "eb0421d90f916dffe96b4c049ddf01c0c50620d2", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "6646d769fdb0ce4318ef9afd127f8526d1ca8393", "versionType": "git"}, {"status": "affected", "version": "74c5b31c6618f01079212332b2e5f6c42f2d6307", "lessThan": "a769b05eeed7accc4019a1ed9799dd72067f1ce8", "versionType": "git"}], "programFiles": ["drivers/firmware/google/gsmi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.0"}, {"status": "unaffected", "version": "0", "lessThan": "3.0", "versionType": "semver"}, {"status": "unaffected", "version": "4.14.304", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.271", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.230", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.165", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.90", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.8", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/google/gsmi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b"}, {"url": "https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a"}, {"url": "https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5"}, {"url": "https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd"}, {"url": "https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2"}, {"url": "https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393"}, {"url": "https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:28:01.009Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52893", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:28:01.009Z", "dateReserved": "2024-08-21T06:07:11.013Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T06:10:33.043Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7484020E-A2C4-48A2-9137-7AA65DB251B7", "versionEndExcluding": "4.14.304", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D86DA289-B5BC-4629-BD56-AB453D481393", "versionEndExcluding": "4.19.271", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DB7398D-9781-49C5-B2AE-1969B694B614", "versionEndExcluding": "5.4.230", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6002D5B-9B6A-4788-B943-E3EE01E01303", "versionEndExcluding": "5.10.165", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E995CDA5-7223-4FDB-BAD3-81B22C763A43", "versionEndExcluding": "5.15.90", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AFE6C9-3F59-4711-B2CF-7D6682FF6BD0", "versionEndExcluding": "6.1.8", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gsmi: corrige null-deref en gsmi_get_variable Podemos obtener variables EFI sin recuperar el atributo, por lo que debemos permitir eso en gsmi. commit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore access Layer\") agreg\u00f3 una nueva llamada get_variable con attr=NULL, lo que desencadena p\u00e1nico en gsmi."}], "id": "CVE-2023-52893", "lastModified": "2024-09-11T16:24:49.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-08-21T07:15:05.880", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/32313c11bdc8a02c577abaf865be3664ab30410a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6646d769fdb0ce4318ef9afd127f8526d1ca8393"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a769b05eeed7accc4019a1ed9799dd72067f1ce8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae2a9dcc8caa60b1e14671294e5ec902ea5d1dfd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eb0421d90f916dffe96b4c049ddf01c0c50620d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee5763ef829bd923033510de6d1df7c73f085e4b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ffef77794fb5f1245c3249b86342bad2299accb5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: gsmi: fix null-deref in gsmi_get_variable", "id": "2306421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306421"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ngsmi: fix null-deref in gsmi_get_variable\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52893", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52893\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52893\nhttps://lore.kernel.org/linux-cve-announce/2024082111-CVE-2023-52893-02b9@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}