CVE-2023-53834
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| texas_instruments | ina232 | * |
| texas_instruments | ina231 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's ina2xx ADC driver. It occurs when the device tree contains the compatible string "ti,ina232", which the driver does not declare. The OF matching succeeds on "ti,ina231", but the I2C device ID info is populated from the first compatible string, so the device ID pointer is NULL in the probe function. The driver then dereferences that NULL pointer, potentially leading to a crash or undefined behavior. The fix uses a properly populated type variable instead of the NULL pointer.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to dereference a NULL pointer when probing certain devices, which may lead to kernel crashes or instability on affected systems using the ina2xx ADC driver with specific device tree configurations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the fix for the NULL pointer dereference in the ina2xx ADC driver has been applied. This fix involves using the already populated type variable instead of relying on the device ID pointer, preventing the NULL pointer dereference. Avoid using device trees with incompatible or incorrect compatible strings such as "ti,ina232" if the driver does not support them.
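The matching mismatch described in the answers above, as an added example that is not part of the original page or the kernel's code: a simplified userspace C model of the two lookups and of the probe before and after the fix. The table contents, the numeric type value, the return codes and all function names are assumptions made for illustration, and the pre-fix path is guarded so the model reports the NULL id instead of crashing.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code. Tables are constructed: the driver
 * declares ina231 but not ina232; the numeric type value is made up. */
struct id_entry { const char *name; int type; };
static const struct id_entry of_table[]  = { { "ti,ina231", 1 } };
static const struct id_entry i2c_table[] = { { "ina231", 1 } };

static const struct id_entry *lookup(const struct id_entry *t, size_t n, const char *s)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].name, s) == 0)
            return &t[i];
    return NULL;
}

/* OF matching: any string in the node's compatible list may match. */
static const struct id_entry *of_match(const char *const *compat, size_t n)
{
    const struct id_entry *m = NULL;
    for (size_t i = 0; i < n && !m; i++)
        m = lookup(of_table, 1, compat[i]);
    return m;
}

/* I2C id lookup: first compatible string only, vendor prefix stripped. */
static const struct id_entry *i2c_id(const char *const *compat)
{
    const char *comma = strchr(compat[0], ',');
    return lookup(i2c_table, 1, comma ? comma + 1 : compat[0]);
}

/* Returns the type; -1 marks the pre-fix NULL id dereference, -2 no bind. */
static int probe(const char *const *compat, size_t n, int fixed)
{
    const struct id_entry *m = of_match(compat, n), *id = i2c_id(compat);
    if (!m)
        return -2;
    if (fixed)
        return m->type;        /* fix: type populated from the OF match */
    return id ? id->type : -1; /* pre-fix: type read through id */
}

int main(void)
{
    const char *const dt[] = { "ti,ina232", "ti,ina231" }; /* constructed node */
    printf("before=%d after=%d\n", probe(dt, 2, 0), probe(dt, 2, 1));
    return 0;
}
```

A node that lists only "ti,ina231" takes the same path through both variants, which is why the defect only shows up with the mixed compatible list.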