Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of tw68_risc_buffer() and the value of buf->cpu before buffer free.

INFO

Published Date :

2025-09-15T14:46:12.951Z

Last Modified :

2026-01-14T18:02:51.176Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53244 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53244.

URL Resource
https://git.kernel.org/stable/c/1634b7adcc5bef645b3666fdd564e5952a9e24e0 cve-icon cve-icon
https://git.kernel.org/stable/c/3715c5e9a8f96b6ed0dcbea06da443efccac1ecc cve-icon cve-icon
https://git.kernel.org/stable/c/3c67f49a6643d973e83968ea35806c7b5ae68b56 cve-icon cve-icon
https://git.kernel.org/stable/c/dcf632bca424e6ff8c8eb89c96694e7f05cd29b6 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091501-CVE-2023-53244-197d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53244 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53244 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact