| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091626-CVE-2023-53289-f049@gregkh> Date: Tue, 16 Sep 2025 10:11:39 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53289: media: bdisp: Add missing check for create_workqueue From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: bdisp: Add missing check for create_workqueue Add the check for the return value of the create_workqueue in order to avoid NULL pointer dereference. The Linux kernel CVE team has assigned CVE-2023-53289 to this issue. Affected and fixed versions =========================== Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 4.14.315 with commit fc1aeafdf6fb0a136c2257000f0d478ee62953fe Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 4.19.283 with commit 2bfbe3ad371ac5349302833198df14e442622cbc Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 5.4.243 with commit c6a315f0b14074ac89723f55b749a557dda0ae2b Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 5.10.180 with commit 4362444dca02ab44ac844feda3cf6238ef953673 Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 5.15.111 with commit 519b0849401194745ea40f9e07513b870afc1b42 Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 6.1.28 with commit c2e55481731b0e8c96f30f661e430aa884fbd354 Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 6.2.15 with commit eef95a2745cb91559bb03aa111c228fe38deaf64 Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 6.3.2 with commit 0d09ce05724cfb3f5c5136893bec95305c641875 Issue introduced in 4.2 with commit 28ffeebbb7bdc0dd7899286b63f3c359d43d0a1a and fixed in 6.4 with commit 2371adeab717d8fe32144a84f3491a03c5838cfb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53289 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/st/sti/bdisp/bdisp-v4l2.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fc1aeafdf6fb0a136c2257000f0d478ee62953fe https://git.kernel.org/stable/c/2bfbe3ad371ac5349302833198df14e442622cbc https://git.kernel.org/stable/c/c6a315f0b14074ac89723f55b749a557dda0ae2b https://git.kernel.org/stable/c/4362444dca02ab44ac844feda3cf6238ef953673 https://git.kernel.org/stable/c/519b0849401194745ea40f9e07513b870afc1b42 https://git.kernel.org/stable/c/c2e55481731b0e8c96f30f661e430aa884fbd354 https://git.kernel.org/stable/c/eef95a2745cb91559bb03aa111c228fe38deaf64 https://git.kernel.org/stable/c/0d09ce05724cfb3f5c5136893bec95305c641875 https://git.kernel.org/stable/c/2371adeab717d8fe32144a84f3491a03c5838cfb
Powered by blists - more mailing lists