CVE-2023-52918

low-risk

Published 2024-10-22

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/06ee04a907d64ee3910fecedd05d7f1be4b1b70e

Patch https://git.kernel.org/stable/c/15126b916e39b0cb67026b0af3c014bfeb1f76b3

Patch https://git.kernel.org/stable/c/199a42fc4c45e8b7f19efeb15dbc36889a599ac2

Patch https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6

Patch https://git.kernel.org/stable/c/a5f1d30c51c485cec7a7de60205667c3ff86c303

Patch https://git.kernel.org/stable/c/b1397fb4a779fca560c43d2acf6702d41b4a495b

Patch https://git.kernel.org/stable/c/e7385510e2550a9f8b6f3d5f33c5b894ab9ba976

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal