Home

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of tw68_risc_buffer() and the value of buf->cpu before buffer free.

PUBLISHED Reserved 2025-09-15 | Published 2025-09-15 | Updated 2025-09-15 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before dcf632bca424e6ff8c8eb89c96694e7f05cd29b6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3c67f49a6643d973e83968ea35806c7b5ae68b56
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3715c5e9a8f96b6ed0dcbea06da443efccac1ecc
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 1634b7adcc5bef645b3666fdd564e5952a9e24e0
affected

Default status
affected

5.15.113 (semver)
unaffected

6.1.30 (semver)
unaffected

6.3.4 (semver)
unaffected

6.4 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/dcf632bca424e6ff8c8eb89c96694e7f05cd29b6

git.kernel.org/...c/3c67f49a6643d973e83968ea35806c7b5ae68b56

git.kernel.org/...c/3715c5e9a8f96b6ed0dcbea06da443efccac1ecc

git.kernel.org/...c/1634b7adcc5bef645b3666fdd564e5952a9e24e0

cve.org (CVE-2023-53244)

nvd.nist.gov (CVE-2023-53244)

Download JSON