CVE-2023-53336
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run sensor->adev is not set yet. So if either of the dev_warn() calls about unknown values are hit this will lead to a NULL pointer deref. Set sensor->adev earlier, with a borrowed ref to avoid making unrolling on errors harder, to fix this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53336
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.16 (inc) to 6.4.16 (exc)
linux linux_kernel From 6.5 (inc) to 6.5.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can cause the Linux kernel to crash or behave unpredictably due to a null pointer dereference in the ipu-bridge driver. This may lead to system instability or denial of service conditions on affected devices using this driver.

Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's media component, specifically in the ipu-bridge driver. It occurs because the sensor->adev pointer is not set when certain parsing functions (ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation()) run. If these functions encounter unknown values and trigger warning messages, the code attempts to use sensor->adev, which is null, leading to a crash or undefined behavior. The fix involves setting sensor->adev earlier to prevent this null pointer dereference.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53336. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart