CVE-2023-54314

In the Linux kernel, the following vulnerability has been resolved:

media: af9005: Fix null-ptr-deref in af9005_i2c_xfer

In af9005_i2c_xfer, msg is controlled by the user. When msg[i].buf
is null and msg[i].len is zero, the former checks on msg[i].buf would be
passed. Malicious data finally reaches af9005_i2c_xfer. If msg[i].buf[0]
is accessed without a sanity check, a null ptr deref would happen.
We add a check on msg[i].len to prevent a crash.

Similar commit:
commit 0ed554fd769a
("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
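
The failure mode described above, as an added userspace model that is not the kernel driver's code: an earlier check accepts a NULL buffer when the length is zero, so the handler needs its own length guard before reading buf[0]. The names i2c_msg_model, earlier_check and model_xfer, the error codes and the sample bytes are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-in for the kernel's struct i2c_msg (same field names). */
struct i2c_msg_model {
    uint16_t addr, flags, len;
    uint8_t *buf;
};

/* Hypothetical earlier check: a buffer is required only when there is data,
 * so {buf = NULL, len = 0} is accepted. */
static int earlier_check(const struct i2c_msg_model *m)
{
    return (m->len > 0 && m->buf == NULL) ? -EINVAL : 0;
}

/* Model handler: byte 0 is the register, the rest is payload.
 * Returns the payload length or a negative errno. */
static int model_xfer(const struct i2c_msg_model *m, uint8_t *reg)
{
    int ret = earlier_check(m);
    if (ret)
        return ret;
    /* Length guard of the kind the description adds; without it the next
     * read goes through a NULL pointer when len == 0. The error code is
     * this model's choice. */
    if (m->len < 1)
        return -EOPNOTSUPP;
    *reg = m->buf[0];
    return m->len - 1;
}

/* Constructed input: zero-length message with a NULL buffer. */
static int demo_empty(void)
{
    struct i2c_msg_model m = { .addr = 0x60, .len = 0, .buf = NULL };
    uint8_t reg = 0;
    return model_xfer(&m, &reg);
}

/* Constructed input: register 0x2a followed by two payload bytes. */
static int demo_valid(uint8_t *reg)
{
    uint8_t data[3] = { 0x2a, 0x01, 0x02 };
    struct i2c_msg_model m = { .addr = 0x60, .len = 3, .buf = data };
    return model_xfer(&m, reg);
}

int main(void) { uint8_t r = 0; return !(demo_empty() < 0 && demo_valid(&r) == 2); }
```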

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: affected

Range        Version    Status
-            2.6.23     affected
< 2.6.23     0          unaffected
<= 4.14.*    4.14.326   unaffected
<= 4.19.*    4.19.295   unaffected
<= 5.4.*     5.4.257    unaffected
<= 5.10.*    5.10.197   unaffected
<= 5.15.*    5.15.133   unaffected
<= 6.1.*     6.1.55     unaffected
<= 6.5.*     6.5.5      unaffected
<= *         6.6        unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.099

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String

No information on CWE has been published yet.