SB20251230202 - NULL pointer dereference in Linux kernel usb dvb-usb driver
Published: December 30, 2025 Updated: December 30, 2025
Security Bulletin ID
SB20251230202
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2023-54314)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the af9005_i2c_xfer() function in drivers/media/usb/dvb-usb/af9005.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108f
- https://git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9
- https://git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfe
- https://git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536
- https://git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3
- https://git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8
- https://git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5
- https://git.kernel.org/stable/c/f4ee84f27625ce1fdf41e8483fa0561a1b837d10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.197
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6