CVE-2023-53336 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings

When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run
sensor->adev is not set yet.

So if either of the dev_warn() calls about unknown values are hit this
will lead to a NULL pointer deref.

Set sensor->adev earlier, with a borrowed ref to avoid making unrolling
on errors harder, to fix this.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/284be5693163343e1cf17c03917eecd1d6681bcf
https://git.kernel.org/stable/c/3de35e29cfddfe6bff762b15bcfe8d80bebac6cb
https://git.kernel.org/stable/c/e08b091e33ecf6e4cb2c0c5820a69abe7673280b

History

Wed, 17 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run sensor->adev is not set yet. So if either of the dev_warn() calls about unknown values are hit this will lead to a NULL pointer deref. Set sensor->adev earlier, with a borrowed ref to avoid making unrolling on errors harder, to fix this.
Title		media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings
References		https://git.kernel.org/stable/c/284be5693163343e1cf17c03917eecd1d6681bcf https://git.kernel.org/stable/c/3de35e29cfddfe6bff762b15bcfe8d80bebac6cb https://git.kernel.org/stable/c/e08b091e33ecf6e4cb2c0c5820a69abe7673280b

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-17T14:56:30.752Z

Updated: 2025-09-17T14:56:30.752Z

Reserved: 2025-09-16T16:08:59.565Z

Link: CVE-2023-53336

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-17T15:15:36.680

Modified: 2025-09-17T15:15:36.680

Link: CVE-2023-53336

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53336", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-16T16:08:59.565Z", "datePublished": "2025-09-17T14:56:30.752Z", "dateUpdated": "2025-09-17T14:56:30.752Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-17T14:56:30.752Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings\n\nWhen ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run\nsensor->adev is not set yet.\n\nSo if either of the dev_warn() calls about unknown values are hit this\nwill lead to a NULL pointer deref.\n\nSet sensor->adev earlier, with a borrowed ref to avoid making unrolling\non errors harder, to fix this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/intel/ipu-bridge.c"], "versions": [{"version": "485aa3df0dffa62d347ea4e0116f549338accc59", "lessThan": "3de35e29cfddfe6bff762b15bcfe8d80bebac6cb", "status": "affected", "versionType": "git"}, {"version": "485aa3df0dffa62d347ea4e0116f549338accc59", "lessThan": "e08b091e33ecf6e4cb2c0c5820a69abe7673280b", "status": "affected", "versionType": "git"}, {"version": "485aa3df0dffa62d347ea4e0116f549338accc59", "lessThan": "284be5693163343e1cf17c03917eecd1d6681bcf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/intel/ipu-bridge.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.16", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.3", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.4.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.5.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3de35e29cfddfe6bff762b15bcfe8d80bebac6cb"}, {"url": "https://git.kernel.org/stable/c/e08b091e33ecf6e4cb2c0c5820a69abe7673280b"}, {"url": "https://git.kernel.org/stable/c/284be5693163343e1cf17c03917eecd1d6681bcf"}], "title": "media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings", "x_generator": {"engine": "bippy-1.2.0"}}}}