CVE-2023-54284
Integer Underflow in Linux Kernel av7110 Media Component
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's media component, specifically in the av7110 driver. It involves a potential underflow in the function write_ts_to_decoder(). The issue arises because a value (buf[4]) received from the user via ts_play() is used in a calculation for the length passed to av7110_ipack_instant_repack(). Without proper checks, this length could become negative, which is not best practice and could lead to unexpected behavior. The fix adds a check to ensure the length is never negative.
How can this vulnerability impact me? :
The vulnerability could potentially cause unexpected behavior in the Linux kernel media driver due to an underflow condition when processing user-supplied data. While it is not clearly stated that passing a negative length causes direct harm, it is considered poor practice and could lead to instability or unpredictable results in the affected component.