CVE-2023-53336

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings

When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run sensor->adev is not set yet.

So if either of the dev_warn() calls about unknown values are hit this will lead to a NULL pointer deref.

Set sensor->adev earlier, with a borrowed ref to avoid making unrolling on errors harder, to fix this.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux485aa3df0dffa62d347ea4e0116f549338accc59 < 3de35e29cfddfe6bff762b15bcfe8d80bebac6cbaffected
LinuxLinux485aa3df0dffa62d347ea4e0116f549338accc59 < e08b091e33ecf6e4cb2c0c5820a69abe7673280baffected
LinuxLinux485aa3df0dffa62d347ea4e0116f549338accc59 < 284be5693163343e1cf17c03917eecd1d6681bcfaffected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux6.4.16 <= 6.4.*unaffected
LinuxLinux6.5.3 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References