CVE-2023-53458
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference bug in the Linux kernel's cx23885 media driver. It occurs when the driver calls cx23885_risc_buffer() to prepare a buffer, and the dma_alloc_coherent function fails, resulting in an empty buffer pointer (risc->cpu). Later, when the buffer is accessed or freed, this null pointer dereference can cause a crash or other unintended behavior. The issue can potentially be triggered dynamically by a user and is fixed by adding checks for the return value of cx23885_risc_buffer() and the risc->cpu pointer before freeing the buffer.
How can this vulnerability impact me? :
This vulnerability can cause the system to crash or behave unexpectedly due to a null pointer dereference in the kernel driver. If exploited, it may lead to denial of service by crashing the kernel or causing instability in the media subsystem. Since it can be triggered dynamically from the user side, it could be used by an attacker to disrupt system operations.