CVE-2023-53458

Source
https://cve.org/CVERecord?id=CVE-2023-53458
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53458.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53458
Published
2025-10-01T11:42:29.665Z
Modified
2026-03-20T12:33:10.386011Z
Summary
media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
Details

In the Linux kernel, the following vulnerability has been resolved:

media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()

When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in an empty buffer risc->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered.

This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.

We believe the bug can also be dynamically triggered from user side. Similarly, we fix this by checking the return value of cx23885_risc_buffer() and the value of risc->cpu before buffer free.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53458.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4d63a25c4523b5d18e5307897d56aff785f43bf5
Fixed
f0a06203f2fe63f04311467200c99c4ee1926578
Fixed
6738841f6fcf23e9fc30e2449f32fc84ee19c6f1
Fixed
5b8e5e28e85a546dfccc3895befe0e823fdd7c89
Fixed
47e8b73bc35d7c54642f78e498697692f6358996

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53458.json"