CVE-2023-52861 : In the Linux kernel, the following vulnerability has been resolved: drm: bridge

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as the EDID information to the sound framework if there is no connector attached.

Published 2024-05-21 15:31:54

Updated 2025-04-02 15:05:11

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-52861

Linux » Linux Kernel
Versions from including (>=) 6.6 and before (<) 6.6.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.5.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.19 and before (<) 6.1.63
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52861

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52861

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.5	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52861

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-52861

https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd

drm: bridge: it66121: Fix invalid connector dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc

drm: bridge: it66121: Fix invalid connector dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331

drm: bridge: it66121: Fix invalid connector dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86

drm: bridge: it66121: Fix invalid connector dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52861

Products affected by CVE-2023-52861

Exploit prediction scoring system (EPSS) score for CVE-2023-52861

CVSS scores for CVE-2023-52861

CWE ids for CVE-2023-52861

References for CVE-2023-52861