{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52915", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:07:11.017Z", "datePublished": "2024-09-06T09:07:49.695Z", "dateUpdated": "2024-12-19T08:28:29.067Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:28:29.067Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/dvb-usb-v2/af9035.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b2f54ed7739dfdf42c4df0a11131aad7c8635464", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fa58d9db5cad4bb7bb694b6837e3b96d87554f2b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b49c6e5dd236787f13a062ec528d724169f11152", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6c01ef65de0b321b2db1ef9abf8f1d15862b937e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d9ef84a7c222497ecb5fdf93361c76931804825e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0143f282b15f7cedc0392ea10050fb6000fd16e6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "41b7181a40af84448a2b144fb02d8bf32b7e9a23", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7bf744f2de0a848fb1d717f5831b03db96feae89", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/dvb-usb-v2/af9035.c"], "versions": [{"version": "4.14.326", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.295", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.257", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.197", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.133", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.55", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.5", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464"}, {"url": "https://git.kernel.org/stable/c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b"}, {"url": "https://git.kernel.org/stable/c/b49c6e5dd236787f13a062ec528d724169f11152"}, {"url": "https://git.kernel.org/stable/c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e"}, {"url": "https://git.kernel.org/stable/c/d9ef84a7c222497ecb5fdf93361c76931804825e"}, {"url": "https://git.kernel.org/stable/c/0143f282b15f7cedc0392ea10050fb6000fd16e6"}, {"url": "https://git.kernel.org/stable/c/41b7181a40af84448a2b144fb02d8bf32b7e9a23"}, {"url": "https://git.kernel.org/stable/c/7bf744f2de0a848fb1d717f5831b03db96feae89"}], "title": "media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T00:39:49.807538Z", "id": "CVE-2023-52915", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T14:09:11.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52915", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T00:39:49.807538Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T00:39:55.231Z"}}], "cna": {"title": "media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b2f54ed7739dfdf42c4df0a11131aad7c8635464", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fa58d9db5cad4bb7bb694b6837e3b96d87554f2b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b49c6e5dd236787f13a062ec528d724169f11152", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6c01ef65de0b321b2db1ef9abf8f1d15862b937e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d9ef84a7c222497ecb5fdf93361c76931804825e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0143f282b15f7cedc0392ea10050fb6000fd16e6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "41b7181a40af84448a2b144fb02d8bf32b7e9a23", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7bf744f2de0a848fb1d717f5831b03db96feae89", "versionType": "git"}], "programFiles": ["drivers/media/usb/dvb-usb-v2/af9035.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.14.326", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.295", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.257", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.197", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.133", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.55", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.5", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/usb/dvb-usb-v2/af9035.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464"}, {"url": "https://git.kernel.org/stable/c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b"}, {"url": "https://git.kernel.org/stable/c/b49c6e5dd236787f13a062ec528d724169f11152"}, {"url": "https://git.kernel.org/stable/c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e"}, {"url": "https://git.kernel.org/stable/c/d9ef84a7c222497ecb5fdf93361c76931804825e"}, {"url": "https://git.kernel.org/stable/c/0143f282b15f7cedc0392ea10050fb6000fd16e6"}, {"url": "https://git.kernel.org/stable/c/41b7181a40af84448a2b144fb02d8bf32b7e9a23"}, {"url": "https://git.kernel.org/stable/c/7bf744f2de0a848fb1d717f5831b03db96feae89"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:28:29.067Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52915", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:28:29.067Z", "dateReserved": "2024-08-21T06:07:11.017Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-06T09:07:49.695Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C67A42DD-BAE5-4A0C-9EB9-679ACF1CD6B2", "versionEndExcluding": "4.14.326", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D419C7D6-F33D-4EF8-8950-1CB5DDF6A55D", "versionEndExcluding": "4.19.295", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "834BD148-28EC-43A4-A4F5-458124A1E39F", "versionEndExcluding": "5.4.257", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD17EA9A-DF74-4876-AADC-C204F0716961", "versionEndExcluding": "5.10.197", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21236FF3-9B2C-4C1A-8780-BC5BCA44AA51", "versionEndExcluding": "5.15.133", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EFCF8E8-5528-46B9-8C17-B09792899CE0", "versionEndExcluding": "6.1.55", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF71E85-DA24-4925-95C5-E5C15DA71AE6", "versionEndExcluding": "6.5.5", "versionStartIncluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer En af9035_i2c_master_xfer, msg est\u00e1 controlado por el usuario. Cuando msg[i].buf es nulo y msg[i].len es cero, se pasar\u00edan las comprobaciones anteriores en msg[i].buf. Los datos maliciosos finalmente llegan a af9035_i2c_master_xfer. Si se accede a msg[i].buf[0] sin una comprobaci\u00f3n de cordura, se producir\u00eda una desreferencia nula de ptr. Agregamos una comprobaci\u00f3n en msg[i].len para evitar un bloqueo. Commit similar: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}], "id": "CVE-2023-52915", "lastModified": "2024-09-10T17:12:41.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-06T09:15:02.787", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0143f282b15f7cedc0392ea10050fb6000fd16e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/41b7181a40af84448a2b144fb02d8bf32b7e9a23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7bf744f2de0a848fb1d717f5831b03db96feae89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b49c6e5dd236787f13a062ec528d724169f11152"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d9ef84a7c222497ecb5fdf93361c76931804825e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer", "id": "2310377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310377"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")", "A NULL pointer dereference vulnerability was found in the af9035_i2c_master_xfer function of the dvb-usb-v2 driver in the Linux kernel. This issue occurred because the function did not adequately check the msg[i].buf and msg[i].len fields, allowing a NULL pointer dereference if msg[i].buf was NULL and msg[i].len was zero. The fix introduces a sanity check on msg[i].len to prevent such crashes by ensuring the buffer is valid before accessing its contents."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52915\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52915\nhttps://lore.kernel.org/linux-cve-announce/2024090653-CVE-2023-52915-21a9@gregkh/T"], "statement": "This vulnerability is classified as a Moderate severity rather than Important due to its specific conditions and impact. The NULL pointer dereference in `af9035_i2c_master_xfer` requires both `msg[i].buf` to be `NULL` and `msg[i].len` to be zero for exploitation, which limits its exploitation to cases where these conditions are met. Furthermore, while it can cause a denial of service (crash) when accessing invalid memory, it does not directly lead to arbitrary code execution or data corruption.", "threat_severity": "Moderate"}