CVE-2023-54314
Description
In the Linux kernel, the following vulnerability has been resolved:
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
In af9005_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9005_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null-pointer dereference in the Linux kernel's af9005 driver allows local users to cause a denial of service by sending crafted i2c messages with a null buffer and zero length.
Vulnerability
In the Linux kernel's af9005 driver, the af9005_i2c_xfer function lacks a sanity check on msg[i].len when msg[i].buf is null. A user-controlled message with a null buffer and zero length bypasses earlier checks, leading to a null-pointer dereference when accessing msg[i].buf[0]. This is similar to a previously fixed issue in the az6027 driver.
Exploitation
An attacker with local access can trigger this vulnerability by passing a crafted i2c_msg structure to the driver via the I2C interface. The vulnerability requires no special privileges beyond the ability to interact with the device file, making it exploitable from user space.
Impact
Successful exploitation causes a null-pointer dereference, resulting in a kernel crash (denial of service). Due to the instability induced, this could potentially be leveraged for privilege escalation on systems lacking panic-based protections, though the primary impact is availability.
Mitigation
The vulnerability is fixed by adding a check on msg[i].len before accessing the buffer. Patches have been applied to the Linux kernel and backported to stable branches as seen in commits [1][2][3][4]. Users should update their kernel to a version containing the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
898c12abb275b63d962ac7a520c02eb70b1ddc7e5ac737db2033b0c0780adabb6fd93e05ee595ff350b2ff4ee84f27625Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/033b0c0780adee32dde218179e9bc51d2525108fnvd
- git.kernel.org/stable/c/0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9nvd
- git.kernel.org/stable/c/63d962ac7a52c0ff4cd09af2e284dce5e5955dfenvd
- git.kernel.org/stable/c/98c12abb275b75a98ff62de9466d21e4daa98536nvd
- git.kernel.org/stable/c/abb6fd93e05e80668d2317fe1110bc99b05034c3nvd
- git.kernel.org/stable/c/c7e5ac737db25d7387fe517cb5207706782b6cf8nvd
- git.kernel.org/stable/c/e595ff350b2fd600823ee8491df7df693ae4b7c5nvd
- git.kernel.org/stable/c/f4ee84f27625ce1fdf41e8483fa0561a1b837d10nvd
News mentions
0No linked articles in our index yet.