PT-2025-40204 · Linux · Linux Kernel

Published: 2023-01-20 · Updated: 2025-10-02 · CVE-2023-53497

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.0-rc1-00023-g6c94e2e99343

Description

The vsp1 driver in the Linux kernel incorrectly uses the vb2_is_streaming() function to determine if the .start_streaming() operation has been called. A change in the vb2 core code introduced a race condition where the streaming field is set before .start_streaming() is called, leading the vsp1 driver to believe that streaming has started when it hasn't. This results in a kernel NULL pointer dereference and a system crash. The issue occurs when handling buffers in the vsp1_dl_list_add_body function.

Recommendations

Update to a version of the Linux kernel that contains the fix for this vulnerability.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12821
CVE-2023-53497

Affected Products

Linux Kernel