CVE-2023-54066
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux DVB-USB gl861 I2C Driver

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach gl861_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-25
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54066
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Apply the patch or update to a Linux kernel version that includes the fix for the null pointer dereference in gl861_i2c_master_xfer. The fix involves adding a check on msg[i].len to prevent the crash caused by null pointer dereference. Until patched, avoid using vulnerable media dvb-usb-v2 devices that use the gl861 driver with untrusted input.

Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's media dvb-usb-v2 driver for the gl861 device. Specifically, in the function gl861_i2c_master_xfer, the msg parameter is user-controlled. If msg[i].buf is null and msg[i].len is zero, previous checks on msg[i].buf are bypassed, leading to a null pointer dereference when the code accesses msg[i].buf[0] without verifying msg[i].len. This can cause the kernel to crash. The fix involves adding a check on msg[i].len to prevent this crash.

Impact Analysis

This vulnerability can cause a null pointer dereference in the Linux kernel, which may lead to a kernel crash or denial of service. Since the msg parameter is user-controlled, a malicious user could exploit this to crash the system or disrupt its operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54066. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart