CVE-2023-53834
Description
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings:
power-sensor@40 { compatible = "ti,ina232", "ti,ina231"; ... };
Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the first compatible string, cf. modalias population in of_i2c_get_board_info(). Since there is no "ina232" entry in the legacy I2C device ID table either, the struct i2c_device_id *id pointer in the probe function is NULL.
Fix this by using the already populated type variable instead, which points to the proper driver data. Since the name is also wanted, add a generic one to the ina2xx_config table.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's INA2xx ADC driver, a NULL pointer dereference occurs when a device tree lists multiple compatible strings and the first is not in the legacy I2C table.
Vulnerability
Overview
In the Linux kernel's IIO subsystem, the ina2xx ADC driver (drivers/iio/adc/ina2xx.c) contains a NULL pointer dereference vulnerability arising from inconsistent handling of device tree (OF) matching and legacy I2C device ID tables. When a device tree node specifies a list of compatible strings (e.g., "ti,ina232" followed by "ti,ina231"), the kernel's OF matching logic selects the best match, which may be a later compatible string. However, the I2C driver model populates the device ID info based on the first compatible string in the list. If that first string does not exist in the driver's i2c_device_id table (e.g., "ti,ina232" is not listed), then during probe the struct i2c_device_id *id pointer is NULL, and the driver dereferences it, causing a crash.
Exploitation
Prerequisites
This vulnerability is triggered on systems where a device tree contains a compatible string that is not directly declared in the driver but is used in a list with a supported string. The attacker must be able to control or influence the device tree content, typically in embedded or IoT scenarios where custom device trees are loaded. No special privileges beyond the ability to boot the kernel with the crafted device tree are required; the vulnerability occurs during kernel initialization.
Impact
An attacker who can supply a malicious device tree can cause a NULL pointer dereference in the kernel, leading to a denial of service (system crash or hang). The impact is limited to availability; there is no evidence of privilege escalation, memory corruption, or information disclosure from this bug.
Mitigation
The fix, committed upstream as commit 77b689cc27d489b75d33f1a368356d70eb0ce08c [1], resolves the issue by using the already-populated type variable (which points to proper driver data) instead of the potentially NULL id pointer. The driver also adds a generic name to the ina2xx_config table. This fix should be included in kernels starting from the timeframe of publication (2025-12-09). There is no indication this CVE is listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
4a8e2ae6296d577b689cc27d413f3ce53b65aa41e19cc0d6bVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.