CVE-2023-53146

media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()

Description

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/77cbd42d29de9ffc93d5529bab8813cde53af14c
https://git.kernel.org/stable/c/ecbe6d011b95c7da59f014f8d26cb7245ed1e11e
https://git.kernel.org/stable/c/beb9550494e7349f92b9eaa283256a5ad9b1c9be
https://git.kernel.org/stable/c/97fdbdb750342cbc204befde976872fedb406ee6
https://git.kernel.org/stable/c/903566208ae6bb9c0e7e54355ce75bf6cf72485d
https://git.kernel.org/stable/c/08dfcbd03b2b7f918c4f87c6ff637054e510df74
https://git.kernel.org/stable/c/fb28afab113a82b89ffec48c8155ec05b4f8cb5e
https://git.kernel.org/stable/c/5ae544d94abc8ff77b1b9bf8774def3fa5689b5b

Frequently Asked Questions

What is the severity of CVE-2023-53146?
CVE-2023-53146 has not yet been assigned a CVSS score.
How to fix CVE-2023-53146?
To fix CVE-2023-53146, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53146 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53146 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53146?
CVE-2023-53146 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.