CVE-2023-52918
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
22/10/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: pci: cx23885: check cx23885_vdev_init() return<br />
<br />
cx23885_vdev_init() can return a NULL pointer, but that pointer<br />
is used in the next line without a check.<br />
<br />
Add a NULL pointer check and go to the error unwind if it is NULL.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.321 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.283 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.225 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.166 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.107 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.48 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/06ee04a907d64ee3910fecedd05d7f1be4b1b70e
- https://git.kernel.org/stable/c/15126b916e39b0cb67026b0af3c014bfeb1f76b3
- https://git.kernel.org/stable/c/199a42fc4c45e8b7f19efeb15dbc36889a599ac2
- https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6
- https://git.kernel.org/stable/c/a5f1d30c51c485cec7a7de60205667c3ff86c303
- https://git.kernel.org/stable/c/b1397fb4a779fca560c43d2acf6702d41b4a495b
- https://git.kernel.org/stable/c/e7385510e2550a9f8b6f3d5f33c5b894ab9ba976
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html