In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read().
ubigluebiinit ubiregistervolumenotifier ubienumeratevolumes ubinotifyall gluebinotify nb->notifiercall() gluebicreate mtddeviceregister mtddeviceparseregister addmtddevice blktransnotifyadd not->add() ftladdmtd tr->addmtd() scanheader mtdread mtdreadoob mtdreadoobstd gluebiread mtd->read() gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebigetdevice(), and access gluebi->desc in the gluebiread(). However, gluebigetdevice() is not executed in advance in the ftladd_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.
[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1bf4fe14e97cda621522eb2f28b0a4e87c5b0745",
        "id": "CVE-2023-52449-09f79cf5",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022",
        "id": "CVE-2023-52449-0c898133",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "66300802812558147469065699690327653198",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8ac2537763b54d278b80b2b080e1652523c7d4c",
        "id": "CVE-2023-52449-2067561f",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "91727899174079871328567020695329357764",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cfd7c9d260dc0a3baaea05a122a19ab91e193c65",
        "id": "CVE-2023-52449-20efcbf7",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 687.0,
            "function_hash": "104738389442009991093535256346062611242"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cfd7c9d260dc0a3baaea05a122a19ab91e193c65",
        "id": "CVE-2023-52449-23b8c361",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001a3f59d8c914ef8273461d4bf495df384cc5f8",
        "id": "CVE-2023-52449-282fc3ee",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "66300802812558147469065699690327653198",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1bf4fe14e97cda621522eb2f28b0a4e87c5b0745",
        "id": "CVE-2023-52449-2efe0cdf",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "66300802812558147469065699690327653198",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5389407bba1eab1266c6d83e226fb0840cb98dd5",
        "id": "CVE-2023-52449-3385ff59",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "91727899174079871328567020695329357764",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5389407bba1eab1266c6d83e226fb0840cb98dd5",
        "id": "CVE-2023-52449-493f8b19",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc",
        "id": "CVE-2023-52449-52af2a6b",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cfd7c9d260dc0a3baaea05a122a19ab91e193c65",
        "id": "CVE-2023-52449-59d6dd8f",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "91727899174079871328567020695329357764",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1bf4fe14e97cda621522eb2f28b0a4e87c5b0745",
        "id": "CVE-2023-52449-5b23ae22",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 720.0,
            "function_hash": "28914704260118580940052399670263846570"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6",
        "id": "CVE-2023-52449-5db69ac1",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022",
        "id": "CVE-2023-52449-7448643e",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6",
        "id": "CVE-2023-52449-835fb090",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "91727899174079871328567020695329357764",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc",
        "id": "CVE-2023-52449-8ea44f80",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 687.0,
            "function_hash": "104738389442009991093535256346062611242"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8ac2537763b54d278b80b2b080e1652523c7d4c",
        "id": "CVE-2023-52449-8fad4639",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc",
        "id": "CVE-2023-52449-9496211b",
        "deprecated": false,
        "target": {
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301630847528704775866997325854314227705",
                "18031427934366856214016954948496905550",
                "232951284830572146518709374997827290253",
                "229302127793767921299784991809429275110",
                "91727899174079871328567020695329357764",
                "6984888835958931952727984956115822402",
                "77256464107132085856647904845773012510",
                "158345217223905178475193038926670780926"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6",
        "id": "CVE-2023-52449-a0fa4d3c",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 687.0,
            "function_hash": "104738389442009991093535256346062611242"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001a3f59d8c914ef8273461d4bf495df384cc5f8",
        "id": "CVE-2023-52449-e679b1de",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 720.0,
            "function_hash": "28914704260118580940052399670263846570"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@001a3f59d8c914ef8273461d4bf495df384cc5f8",
        "id": "CVE-2023-52449-e9053f3d",
        "deprecated": false,
        "target": {
            "function": "blktrans_notify_add",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 189.0,
            "function_hash": "302269610217745319261514553973185002459"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022",
        "id": "CVE-2023-52449-e90ec2f4",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 720.0,
            "function_hash": "28914704260118580940052399670263846570"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8ac2537763b54d278b80b2b080e1652523c7d4c",
        "id": "CVE-2023-52449-f014314e",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 687.0,
            "function_hash": "104738389442009991093535256346062611242"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5389407bba1eab1266c6d83e226fb0840cb98dd5",
        "id": "CVE-2023-52449-faabaf7f",
        "deprecated": false,
        "target": {
            "function": "register_mtd_blktrans",
            "file": "drivers/mtd/mtd_blkdevs.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 687.0,
            "function_hash": "104738389442009991093535256346062611242"
        },
        "signature_type": "Function"
    }
]