CVE-2023-54282 - Vulnerability Details

- media: tuners: qt1010: replace BUG_ON with a regular error

Description

In the Linux kernel, the following vulnerability has been resolved:

media: tuners: qt1010: replace BUG_ON with a regular error

BUG_ON is unnecessary here, and in addition it confuses smatch.
Replacing this with an error return help resolve this smatch
warning:

drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 6cae780862d221106626b2b5fb21a197f398c6ec
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< f844bc3a47d8d1c55a4a9cfca38c538e9df7e678
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 641e60223971e95472a2a9646b1e7f94d441de45
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 2ae53dd15eef90d34fc084b5b2305a67bb675a26
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 48bb6a9fa5cb150ac2a22b3c779c96bc0ed21071
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 257092cb544c7843376b3e161f789e666ef06c98
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< 1a6bf53fffe0b7ebe2a0f402b44f14f90cffd164
`4682b58e5af01ee856a706083eac71238fb69cd0`	affected	< ee630b29ea44d1851bb6c903f400956604834463

Linux

affected

Version	Status	Constraints
`4.2`	affected	—
`0`	unaffected	< 4.2
`4.14.326`	unaffected	≤ 4.14.*
`4.19.295`	unaffected	≤ 4.19.*
`5.4.257`	unaffected	≤ 5.4.*
`5.10.197`	unaffected	≤ 5.10.*
`5.15.133`	unaffected	≤ 5.15.*
`6.1.55`	unaffected	≤ 6.1.*
`6.5.5`	unaffected	≤ 6.5.*
`6.6`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1a6bf53fffe0b7ebe2a0f402b44f14f90cffd164
https://git.kernel.org/stable/c/257092cb544c7843376b3e161f789e666ef06c98
https://git.kernel.org/stable/c/2ae53dd15eef90d34fc084b5b2305a67bb675a26
https://git.kernel.org/stable/c/48bb6a9fa5cb150ac2a22b3c779c96bc0ed21071
https://git.kernel.org/stable/c/641e60223971e95472a2a9646b1e7f94d441de45
https://git.kernel.org/stable/c/6cae780862d221106626b2b5fb21a197f398c6ec
https://git.kernel.org/stable/c/ee630b29ea44d1851bb6c903f400956604834463
https://git.kernel.org/stable/c/f844bc3a47d8d1c55a4a9cfca38c538e9df7e678
https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54282-dab4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54282
https://www.cve.org/CVERecord?id=CVE-2023-54282

History

Wed, 31 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54282-dab4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54282 https://www.cve.org/CVERecord?id=CVE-2023-54282
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34
Title		media: tuners: qt1010: replace BUG_ON with a regular error
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1a6bf53fffe0b7ebe2a0f402b44f14f90cffd164 https://git.kernel.org/stable/c/257092cb544c7843376b3e161f789e666ef06c98 https://git.kernel.org/stable/c/2ae53dd15eef90d34fc084b5b2305a67bb675a26 https://git.kernel.org/stable/c/48bb6a9fa5cb150ac2a22b3c779c96bc0ed21071 https://git.kernel.org/stable/c/641e60223971e95472a2a9646b1e7f94d441de45 https://git.kernel.org/stable/c/6cae780862d221106626b2b5fb21a197f398c6ec https://git.kernel.org/stable/c/ee630b29ea44d1851bb6c903f400956604834463 https://git.kernel.org/stable/c/f844bc3a47d8d1c55a4a9cfca38c538e9df7e678

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:23:23.792Z

Updated: 2026-01-05T11:37:15.163Z

Reserved: 2025-12-30T12:06:44.525Z

Link: CVE-2023-54282

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:17.180

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54282

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54282 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object