CVE-2023-54093 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") [hverkuil: add spaces around +]

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/14b94154a72388b57221a2a73795c0ea61a95373
https://git.kernel.org/stable/c/3dd5846a873938ec7b6d404ec27662942cd8f2ef
https://git.kernel.org/stable/c/4a9763d2bc4a6d6fab42555b9c0b2eefa32585ac
https://git.kernel.org/stable/c/5975dbbb7ad0767eaabd15d2c37a739ac76acb00
https://git.kernel.org/stable/c/73c0b224ceeba12dee2a7a8cbc147648da0b2e63
https://git.kernel.org/stable/c/8dc5b370254abc10f0cb4141d90cecf7ce465472
https://git.kernel.org/stable/c/c30411266fd67ea3c02a05c157231654d5a3bdc9
https://git.kernel.org/stable/c/e04affec2506ff5c12a18d78d7e694b3556a8982

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") [hverkuil: add spaces around +]
Title		media: anysee: fix null-ptr-deref in anysee_master_xfer
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/14b94154a72388b57221a2a73795c0ea61a95373 https://git.kernel.org/stable/c/3dd5846a873938ec7b6d404ec27662942cd8f2ef https://git.kernel.org/stable/c/4a9763d2bc4a6d6fab42555b9c0b2eefa32585ac https://git.kernel.org/stable/c/5975dbbb7ad0767eaabd15d2c37a739ac76acb00 https://git.kernel.org/stable/c/73c0b224ceeba12dee2a7a8cbc147648da0b2e63 https://git.kernel.org/stable/c/8dc5b370254abc10f0cb4141d90cecf7ce465472 https://git.kernel.org/stable/c/c30411266fd67ea3c02a05c157231654d5a3bdc9 https://git.kernel.org/stable/c/e04affec2506ff5c12a18d78d7e694b3556a8982

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:21.774Z

Updated: 2025-12-24T13:06:21.774Z

Reserved: 2025-12-24T13:02:52.516Z

Link: CVE-2023-54093

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:11.173

Modified: 2025-12-24T13:16:11.173

Link: CVE-2023-54093

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object