Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2023-53146— media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()

AI Predicted 7.8 Difficulty: Moderate EPSS 0.15% · P5

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux7fd4828f6cc5bd4339ff58e372ccb5f528548b30< 77cbd42d29de9ffc93d5529bab8813cde53af14caffected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< ecbe6d011b95c7da59f014f8d26cb7245ed1e11eaffected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< beb9550494e7349f92b9eaa283256a5ad9b1c9beaffected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< 97fdbdb750342cbc204befde976872fedb406ee6affected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< 903566208ae6bb9c0e7e54355ce75bf6cf72485daffected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< 08dfcbd03b2b7f918c4f87c6ff637054e510df74affected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< fb28afab113a82b89ffec48c8155ec05b4f8cb5eaffected
7fd4828f6cc5bd4339ff58e372ccb5f528548b30< 5ae544d94abc8ff77b1b9bf8774def3fa5689b5baffected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-53146

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size")
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未检查msg[i].len导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 7fd4828f6cc5bd4339ff58e372ccb5f528548b30 ~ 77cbd42d29de9ffc93d5529bab8813cde53af14c -
LinuxLinux 2.6.27 -

II. Public POCs for CVE-2023-53146

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-53146

登录查看更多情报信息。

IV. Related Vulnerabilities

V. Comments for CVE-2023-53146

No comments yet


Leave a comment