CVE-2023-53244

Published: Sep 15, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of tw68_risc_buffer() and the value of buf->cpu before buffer free.

Vendor	Product	Versions
Linux	Linux	affected `e15d1c12c5878b3a80d6573af1721e17264e0286 - < dcf632bca424e6ff8c8eb89c96694e7f05cd29b6` affected `e15d1c12c5878b3a80d6573af1721e17264e0286 - < 3c67f49a6643d973e83968ea35806c7b5ae68b56` affected `e15d1c12c5878b3a80d6573af1721e17264e0286 - < 3715c5e9a8f96b6ed0dcbea06da443efccac1ecc` affected `e15d1c12c5878b3a80d6573af1721e17264e0286 - < 1634b7adcc5bef645b3666fdd564e5952a9e24e0`
Linux	Linux	affected `3.18` unaffected `0 - < 3.18` unaffected `5.15.113 - <= 5.15.` unaffected `6.1.30 - <= 6.1.` unaffected `6.3.4 - <= 6.3.*` +1 more versions

References

https://git.kernel.org/stable/c/dcf632bca424e6ff8c8eb89c96694e7f05cd29b6

https://git.kernel.org/stable/c/3c67f49a6643d973e83968ea35806c7b5ae68b56

https://git.kernel.org/stable/c/3715c5e9a8f96b6ed0dcbea06da443efccac1ecc

https://git.kernel.org/stable/c/1634b7adcc5bef645b3666fdd564e5952a9e24e0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53244

Description

Affected Products

References