CVE-2023-54266 - Vulnerability Details

- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()

'read' is freed when it is known to be NULL, but not when a read error
occurs.

Revert the logic to avoid a small leak, should a m920x_read() call fail.

Published: 2025-12-30

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`82ce3084892c0c0e006ec61f6144f2cc4e5ece88`	affected	< 809623fedc31f4e74039d93bb75a8993635d7534
`7dca4428d7eb33c89979e620228fe557593fde66`	affected	< c0178e938f110cdf6937f26975c0c951dbb1d9db
`fe791612afabaeee9b911bd7b955985bcf5ff314`	affected	< 75d6ef197c488cd852493b4a419274e3489da79d
`830e5d1b4344c2575020ee4bdf63fb48e2b56ce3`	affected	< d13a84874a2e0236c9325b3adc8e126d0888ad6b
`0c044e39d52abfbb4cb43dbc5a09c1dc1ed24648`	affected	< 7ca7cd02114ac8caa6b0a64734b9af6be1559353
`a2ab06d7c4d6bfd0b545a768247a70463e977e27`	affected	< 2b6e20ef0585a467c24c7e4fde28518e5b33225a
`a2ab06d7c4d6bfd0b545a768247a70463e977e27`	affected	< 4feed3dfca722c6d74865a37cab853c58e6aa190
`a2ab06d7c4d6bfd0b545a768247a70463e977e27`	affected	< 2cc9f11aeae2887a4db25c27323fc445f4b49e86
`a2ab06d7c4d6bfd0b545a768247a70463e977e27`	affected	< ea9ef6c2e001c5dc94bee35ebd1c8a98621cf7b8
`08cb4f0da9926277101d18d817048e1328ac2563`	affected	—
`273cac7a89712ba6b898214af150b71dc33abe0c`	affected	—
`b7e221dc8f23727e00a7fb6709b3318547a7c4d8`	affected	—

Linux

affected

Version	Status	Constraints
`5.17`	affected	—
`0`	unaffected	< 5.17
`4.14.326`	unaffected	≤ 4.14.*
`4.19.295`	unaffected	≤ 4.19.*
`5.4.257`	unaffected	≤ 5.4.*
`5.10.195`	unaffected	≤ 5.10.*
`5.15.132`	unaffected	≤ 5.15.*
`6.1.53`	unaffected	≤ 6.1.*
`6.4.16`	unaffected	≤ 6.4.*
`6.5.3`	unaffected	≤ 6.5.*
`6.6`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2b6e20ef0585a467c24c7e4fde28518e5b33225a
https://git.kernel.org/stable/c/2cc9f11aeae2887a4db25c27323fc445f4b49e86
https://git.kernel.org/stable/c/4feed3dfca722c6d74865a37cab853c58e6aa190
https://git.kernel.org/stable/c/75d6ef197c488cd852493b4a419274e3489da79d
https://git.kernel.org/stable/c/7ca7cd02114ac8caa6b0a64734b9af6be1559353
https://git.kernel.org/stable/c/809623fedc31f4e74039d93bb75a8993635d7534
https://git.kernel.org/stable/c/c0178e938f110cdf6937f26975c0c951dbb1d9db
https://git.kernel.org/stable/c/d13a84874a2e0236c9325b3adc8e126d0888ad6b
https://git.kernel.org/stable/c/ea9ef6c2e001c5dc94bee35ebd1c8a98621cf7b8
https://lore.kernel.org/linux-cve-announce/2025123059-CVE-2023-54266-a48b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54266
https://www.cve.org/CVERecord?id=CVE-2023-54266

History

Wed, 31 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123059-CVE-2023-54266-a48b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54266 https://www.cve.org/CVERecord?id=CVE-2023-54266

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() 'read' is freed when it is known to be NULL, but not when a read error occurs. Revert the logic to avoid a small leak, should a m920x_read() call fail.
Title		media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2b6e20ef0585a467c24c7e4fde28518e5b33225a https://git.kernel.org/stable/c/2cc9f11aeae2887a4db25c27323fc445f4b49e86 https://git.kernel.org/stable/c/4feed3dfca722c6d74865a37cab853c58e6aa190 https://git.kernel.org/stable/c/75d6ef197c488cd852493b4a419274e3489da79d https://git.kernel.org/stable/c/7ca7cd02114ac8caa6b0a64734b9af6be1559353 https://git.kernel.org/stable/c/809623fedc31f4e74039d93bb75a8993635d7534 https://git.kernel.org/stable/c/c0178e938f110cdf6937f26975c0c951dbb1d9db https://git.kernel.org/stable/c/d13a84874a2e0236c9325b3adc8e126d0888ad6b https://git.kernel.org/stable/c/ea9ef6c2e001c5dc94bee35ebd1c8a98621cf7b8

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:15:58.235Z

Updated: 2025-12-30T12:15:58.235Z

Reserved: 2025-12-30T12:06:44.518Z

Link: CVE-2023-54266

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:15.410

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54266

Redhat

Severity :

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54266 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object