Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2023-52915— media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer

AI Predicted 7.8 Difficulty: Easy EPSS 0.21% · P11

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< b2f54ed7739dfdf42c4df0a11131aad7c8635464affected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< fa58d9db5cad4bb7bb694b6837e3b96d87554f2baffected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< b49c6e5dd236787f13a062ec528d724169f11152affected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< 6c01ef65de0b321b2db1ef9abf8f1d15862b937eaffected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< d9ef84a7c222497ecb5fdf93361c76931804825eaffected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< 0143f282b15f7cedc0392ea10050fb6000fd16e6affected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< 41b7181a40af84448a2b144fb02d8bf32b7e9a23affected
7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273< 7bf744f2de0a848fb1d717f5831b03db96feae89affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-52915

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于dvb-usb-v2驱动中的af9035_i2c_master_xfer函数对msg[i].buf未进行充分检查,当msg[i].buf为null且msg[i].len为零时,会导致空指针解引用错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 7f882c2e353ca58695e9b4fcc9e97a9d4cbcf273 ~ b2f54ed7739dfdf42c4df0a11131aad7c8635464 -
LinuxLinux 3.5 -

II. Public POCs for CVE-2023-52915

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-52915

登录查看更多情报信息。

Patches & Fixes for CVE-2023-52915 (5)

IV. Related Vulnerabilities

V. Comments for CVE-2023-52915

No comments yet


Leave a comment