PT-2025-40165 · Cx23885+3 · Cx23885+3

Published 2023-03-02 · Updated 2026-03-14 · CVE-2023-53458

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A NULL pointer dereference exists in the cx23885 driver in the Linux kernel, in the buffer_prepare() and buffer_finish() functions. When dma_alloc_coherent() fails during buffer preparation inside the cx23885_risc_buffer() function, the buffer is left empty. Subsequently accessing or freeing this empty buffer triggers a NULL pointer dereference. The issue can potentially be triggered dynamically from user space. The fix checks the risc->cpu value before the buffer is freed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-03355
CVE-2023-53458
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Debian
Linux Kernel
Suse
Cx23885