Vulnerability-Lookup

BDU:2026-01174

Vulnerability from fstec - Published: 19.07.2023

Title

Уязвимость функции af9005_i2c_xfer() модуля drivers/media/usb/dvb-usb/af9005.c драйвера мультимедийных устройств USB ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции af9005_i2c_xfer() модуля drivers/media/usb/dvb-usb/af9005.c драйвера мультимедийных устройств USB ядра операционной системы Linux связана с разыменованием указателей. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Linux

Software Version

7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), от 4.20 до 5.4.256 включительно (Linux), от 4.15 до 4.19.294 включительно (Linux), от 5.5 до 5.10.196 включительно (Linux), от 5.11 до 5.15.132 включительно (Linux), от 5.16 до 6.1.54 включительно (Linux), от 6.2 до 6.5.4 включительно (Linux), от 2.6.23 до 4.14.325 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54314-a578@gregkh/ https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536 https://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe https://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9 https://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8 https://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f https://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3 https://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5 https://git.kernel.org/linus/f4ee84f27625ce1fdf41e8483fa0561a1b837d10 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.197 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.55 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-54314 Для продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-54314

Reference

https://www.cve.org/CVERecord?id=CVE-2023-54314 https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536 https://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe https://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9 https://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8 https://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f https://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3 https://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5 https://git.kernel.org/linus/f4ee84f27625ce1fdf41e8483fa0561a1b837d10 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.197 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.55 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5 https://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54314-a578@gregkh/ https://security-tracker.debian.org/tracker/CVE-2023-54314 https://access.redhat.com/security/cve/cve-2023-54314

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.256 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.294 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.196 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.132 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.54 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.5.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.23 \u0434\u043e 4.14.325 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54314-a578@gregkh/\nhttps://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536\nhttps://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe\nhttps://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9\nhttps://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8\nhttps://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f\nhttps://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3\nhttps://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5\nhttps://git.kernel.org/linus/f4ee84f27625ce1fdf41e8483fa0561a1b837d10\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.197\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.55\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-54314\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-54314",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01174",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-54314",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20 \u0434\u043e 5.4.256 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15 \u0434\u043e 4.19.294 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.196 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.132 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.1.54 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.2 \u0434\u043e 6.5.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.23 \u0434\u043e 4.14.325 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 af9005_i2c_xfer() \u043c\u043e\u0434\u0443\u043b\u044f drivers/media/usb/dvb-usb/af9005.c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 USB \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 af9005_i2c_xfer() \u043c\u043e\u0434\u0443\u043b\u044f drivers/media/usb/dvb-usb/af9005.c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 USB \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2023-54314\nhttps://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536\nhttps://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe\nhttps://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9\nhttps://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8\nhttps://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f\nhttps://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3\nhttps://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5\nhttps://git.kernel.org/linus/f4ee84f27625ce1fdf41e8483fa0561a1b837d10\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.197\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.55\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5\nhttps://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54314-a578@gregkh/\nhttps://security-tracker.debian.org/tracker/CVE-2023-54314\nhttps://access.redhat.com/security/cve/cve-2023-54314",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2023-54314 (GCVE-0-2023-54314)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2026-01-05 11:37

Title

media: af9005: Fix null-ptr-deref in af9005_i2c_xfer

Summary

In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9005_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/98c12abb275b75a98…
	https://git.kernel.org/stable/c/63d962ac7a52c0ff4…
	https://git.kernel.org/stable/c/0c02eb70b1dd4ae9b…
	https://git.kernel.org/stable/c/c7e5ac737db25d738…
	https://git.kernel.org/stable/c/033b0c0780adee32d…
	https://git.kernel.org/stable/c/abb6fd93e05e80668…
	https://git.kernel.org/stable/c/e595ff350b2fd6008…
	https://git.kernel.org/stable/c/f4ee84f27625ce1fd…

Impacted products

Vendor

Product

Version

Linux

Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < 98c12abb275b75a98ff62de9466d21e4daa98536 (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < 63d962ac7a52c0ff4cd09af2e284dce5e5955dfe (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < 0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9 (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < c7e5ac737db25d7387fe517cb5207706782b6cf8 (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < 033b0c0780adee32dde218179e9bc51d2525108f (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < abb6fd93e05e80668d2317fe1110bc99b05034c3 (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < e595ff350b2fd600823ee8491df7df693ae4b7c5 (git)
Affected: af4e067e1dcf926d9523dff11e46c45fd9fa9da2 , < f4ee84f27625ce1fdf41e8483fa0561a1b837d10 (git)

Linux

Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 4.14.326 , ≤ 4.14.* (semver)
Unaffected: 4.19.295 , ≤ 4.19.* (semver)
Unaffected: 5.4.257 , ≤ 5.4.* (semver)
Unaffected: 5.10.197 , ≤ 5.10.* (semver)
Unaffected: 5.15.133 , ≤ 5.15.* (semver)
Unaffected: 6.1.55 , ≤ 6.1.* (semver)
Unaffected: 6.5.5 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/dvb-usb/af9005.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "98c12abb275b75a98ff62de9466d21e4daa98536",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "63d962ac7a52c0ff4cd09af2e284dce5e5955dfe",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "c7e5ac737db25d7387fe517cb5207706782b6cf8",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "033b0c0780adee32dde218179e9bc51d2525108f",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "abb6fd93e05e80668d2317fe1110bc99b05034c3",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "e595ff350b2fd600823ee8491df7df693ae4b7c5",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            },
            {
              "lessThan": "f4ee84f27625ce1fdf41e8483fa0561a1b837d10",
              "status": "affected",
              "version": "af4e067e1dcf926d9523dff11e46c45fd9fa9da2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/dvb-usb/af9005.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.326",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.326",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.295",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.257",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.197",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.133",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.55",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: af9005: Fix null-ptr-deref in af9005_i2c_xfer\n\nIn af9005_i2c_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9005_i2c_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T11:37:23.698Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536"
        },
        {
          "url": "https://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f"
        },
        {
          "url": "https://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4ee84f27625ce1fdf41e8483fa0561a1b837d10"
        }
      ],
      "title": "media: af9005: Fix null-ptr-deref in af9005_i2c_xfer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54314",
    "datePublished": "2025-12-30T12:23:45.179Z",
    "dateReserved": "2025-12-30T12:06:44.531Z",
    "dateUpdated": "2026-01-05T11:37:23.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2026-01174

CVE-2023-54314 (GCVE-0-2023-54314)

Tags

Sightings

Nomenclature