CVE-2023-52918

media: pci: cx23885: check cx23885_vdev_init() return

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6 patch
https://git.kernel.org/stable/c/199a42fc4c45e8b7f19efeb15dbc36889a599ac2 patch
https://git.kernel.org/stable/c/e7385510e2550a9f8b6f3d5f33c5b894ab9ba976 patch
https://git.kernel.org/stable/c/a5f1d30c51c485cec7a7de60205667c3ff86c303 patch
https://git.kernel.org/stable/c/06ee04a907d64ee3910fecedd05d7f1be4b1b70e patch
https://git.kernel.org/stable/c/b1397fb4a779fca560c43d2acf6702d41b4a495b patch
https://git.kernel.org/stable/c/15126b916e39b0cb67026b0af3c014bfeb1f76b3 patch

Frequently Asked Questions

What is the severity of CVE-2023-52918?
CVE-2023-52918 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52918?
To fix CVE-2023-52918, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52918 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52918 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52918?
CVE-2023-52918 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.