NVD Vulnerability Detail

CVE-2023-52915

Summary	In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Publication Date	Sept. 6, 2024, 6:15 p.m.
Registration Date	Sept. 6, 2024, 8 p.m.
Last Update	Sept. 11, 2024, 2:12 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	4.15			4.19.295
cpe:2.3:o:linux:linux_kernel::::::::	4.20			5.4.257
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.5.5
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.55
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.133
cpe:2.3:o:linux:linux_kernel::::::::	5.5			5.10.197
cpe:2.3:o:linux:linux_kernel::::::::				4.14.326

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464	Patch
2	https://git.kernel.org/stable/c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b	Patch
3	https://git.kernel.org/stable/c/b49c6e5dd236787f13a062ec528d724169f11152	Patch
4	https://git.kernel.org/stable/c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e	Patch
5	https://git.kernel.org/stable/c/d9ef84a7c222497ecb5fdf93361c76931804825e	Patch
6	https://git.kernel.org/stable/c/0143f282b15f7cedc0392ea10050fb6000fd16e6	Patch
7	https://git.kernel.org/stable/c/41b7181a40af84448a2b144fb02d8bf32b7e9a23	Patch
8	https://git.kernel.org/stable/c/7bf744f2de0a848fb1d717f5831b03db96feae89	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

JVN Vulnerability Information

Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性

Title	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性
Summary	Linux の Linux Kernel には、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 19, 2023, midnight
Registration Date	Sept. 11, 2024, 2:16 p.m.
Last Update	Sept. 11, 2024, 2:16 p.m.

Affected System

Linux

Linux Kernel 4.14.326 未満

Linux Kernel 4.15 以上 4.19.295 未満

Linux Kernel 4.20 以上 5.4.257 未満

Linux Kernel 5.11 以上 5.15.133 未満

Linux Kernel 5.16 以上 6.1.55 未満

Linux Kernel 5.5 以上 5.10.197 未満

Linux Kernel 6.2 以上 6.5.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-52915	https://www.cve.org/CVERecord?id=CVE-2023-52915
National Vulnerability Database (NVD)
2	CVE-2023-52915	https://nvd.nist.gov/vuln/detail/CVE-2023-52915

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (0143f28)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0143f282b15f7cedc0392ea10050fb6000fd16e6
2	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (41b7181)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=41b7181a40af84448a2b144fb02d8bf32b7e9a23
3	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (6c01ef6)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6c01ef65de0b321b2db1ef9abf8f1d15862b937e
4	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (7bf744f)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7bf744f2de0a848fb1d717f5831b03db96feae89
5	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (b2f54ed)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b2f54ed7739dfdf42c4df0a11131aad7c8635464
6	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (b49c6e5)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b49c6e5dd236787f13a062ec528d724169f11152
7	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (d9ef84a)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d9ef84a7c222497ecb5fdf93361c76931804825e
8	media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (fa58d9d)	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fa58d9db5cad4bb7bb694b6837e3b96d87554f2b
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年09月11日] 掲載	Sept. 11, 2024, 2:16 p.m.