We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-53146

media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()



Description

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")

Reserved 2025-05-02 | Published 2025-05-14 | Updated 2025-05-14 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 77cbd42d29de9ffc93d5529bab8813cde53af14c
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ecbe6d011b95c7da59f014f8d26cb7245ed1e11e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before beb9550494e7349f92b9eaa283256a5ad9b1c9be
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 97fdbdb750342cbc204befde976872fedb406ee6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 903566208ae6bb9c0e7e54355ce75bf6cf72485d
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 08dfcbd03b2b7f918c4f87c6ff637054e510df74
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before fb28afab113a82b89ffec48c8155ec05b4f8cb5e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5ae544d94abc8ff77b1b9bf8774def3fa5689b5b
affected

Default status
affected

4.14.326
unaffected

4.19.295
unaffected

5.4.257
unaffected

5.10.197
unaffected

5.15.133
unaffected

6.1.55
unaffected

6.5.5
unaffected

6.6
unaffected

References

git.kernel.org/...c/77cbd42d29de9ffc93d5529bab8813cde53af14c

git.kernel.org/...c/ecbe6d011b95c7da59f014f8d26cb7245ed1e11e

git.kernel.org/...c/beb9550494e7349f92b9eaa283256a5ad9b1c9be

git.kernel.org/...c/97fdbdb750342cbc204befde976872fedb406ee6

git.kernel.org/...c/903566208ae6bb9c0e7e54355ce75bf6cf72485d

git.kernel.org/...c/08dfcbd03b2b7f918c4f87c6ff637054e510df74

git.kernel.org/...c/fb28afab113a82b89ffec48c8155ec05b4f8cb5e

git.kernel.org/...c/5ae544d94abc8ff77b1b9bf8774def3fa5689b5b

cve.org (CVE-2023-53146)

nvd.nist.gov (CVE-2023-53146)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2023-53146

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.