CVE-2023-54093

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: anysee: fix null-ptr-deref in anysee_master_xfer

In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

[hverkuil: add spaces around +]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 73c0b224ceeba12dee2a7a8cbc147648da0b2e63affected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < e04affec2506ff5c12a18d78d7e694b3556a8982affected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 8dc5b370254abc10f0cb4141d90cecf7ce465472affected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 4a9763d2bc4a6d6fab42555b9c0b2eefa32585acaffected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 3dd5846a873938ec7b6d404ec27662942cd8f2efaffected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 14b94154a72388b57221a2a73795c0ea61a95373affected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < 5975dbbb7ad0767eaabd15d2c37a739ac76acb00affected
LinuxLinuxa51e34dd6080d8d5c9e95a4e0292cd4cb889a61b < c30411266fd67ea3c02a05c157231654d5a3bdc9affected
LinuxLinux2.6.27affected
LinuxLinux0 < 2.6.27unaffected
LinuxLinux4.14.326 <= 4.14.*unaffected
LinuxLinux4.19.295 <= 4.19.*unaffected
LinuxLinux5.4.257 <= 5.4.*unaffected
LinuxLinux5.10.197 <= 5.10.*unaffected
LinuxLinux5.15.133 <= 5.15.*unaffected
LinuxLinux6.1.55 <= 6.1.*unaffected
LinuxLinux6.5.5 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References