CVE-2023-53146

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53146
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53146.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53146
Downstream
Related
Published
2025-05-14T13:15:47Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

media: dw2102: Fix null-ptr-deref in dw2102i2ctransfer()

In dw2102i2ctransfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102i2ctransfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.

Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")

References

Affected packages