CVE-2023-53146

CVSS v3.1

5.5

Medium

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A null pointer dereference issue has been identified in the Linux kernel, specifically in the dw2102 i2c transfer() function. This issue occurs when the msg[i].buf is null and msg[i].len is zero, allowing malicious data to reach the dw2102 i2c transfer function. Without proper sanity checks, accessing msg[i].buf[0] can result in a null pointer dereference. To prevent crashes, a check has been added on msg[i].len.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

BDU:2026-04625

CVE-2023-53146

OESA-2025-1570

OESA-2025-1596

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:02000-1

SUSE-SU-2025:02254-1

SUSE-SU-2025:02307-1

SUSE-SU-2025:02333-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:20408-1

SUSE-SU-2025:20413-1

SUSE-SU-2025:20419-1

SUSE-SU-2025:20421-1

SUSE-SU-2025_01964-1

SUSE-SU-2025_01965-1

SUSE-SU-2025_02000-1

SUSE-SU-2025_02254-1

SUSE-SU-2025_02307-1

SUSE-SU-2025_02333-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

CVE-2023-53146

Weakness Enumeration

Related Identifiers

Affected Products

References · 1649