We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-52915

media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer



Description

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Reserved 2024-08-21 | Published 2024-09-06 | Updated 2024-11-04 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f4 before b2f54ed7739d
affected

1da177e4c3f4 before fa58d9db5cad
affected

1da177e4c3f4 before b49c6e5dd236
affected

1da177e4c3f4 before 6c01ef65de0b
affected

1da177e4c3f4 before d9ef84a7c222
affected

1da177e4c3f4 before 0143f282b15f
affected

1da177e4c3f4 before 41b7181a40af
affected

1da177e4c3f4 before 7bf744f2de0a
affected

Default status
affected

4.14.326
unaffected

4.19.295
unaffected

5.4.257
unaffected

5.10.197
unaffected

5.15.133
unaffected

6.1.55
unaffected

6.5.5
unaffected

6.6
unaffected

References

git.kernel.org/...c/b2f54ed7739dfdf42c4df0a11131aad7c8635464

git.kernel.org/...c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b

git.kernel.org/...c/b49c6e5dd236787f13a062ec528d724169f11152

git.kernel.org/...c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e

git.kernel.org/...c/d9ef84a7c222497ecb5fdf93361c76931804825e

git.kernel.org/...c/0143f282b15f7cedc0392ea10050fb6000fd16e6

git.kernel.org/...c/41b7181a40af84448a2b144fb02d8bf32b7e9a23

git.kernel.org/...c/7bf744f2de0a848fb1d717f5831b03db96feae89

cve.org (CVE-2023-52915)

nvd.nist.gov (CVE-2023-52915)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-52915

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.