{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53834", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-09T01:27:17.825Z", "datePublished": "2025-12-09T01:29:49.742Z", "dateUpdated": "2025-12-09T01:29:49.742Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T01:29:49.742Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ina2xx: avoid NULL pointer dereference on OF device match\n\nThe affected lines were resulting in a NULL pointer dereference on our\nplatform because the device tree contained the following list of\ncompatible strings:\n\n power-sensor@40 {\n compatible = \"ti,ina232\", \"ti,ina231\";\n ...\n };\n\nSince the driver doesn't declare a compatible string \"ti,ina232\", the OF\nmatching succeeds on \"ti,ina231\". But the I2C device ID info is\npopulated via the first compatible string, cf. modalias population in\nof_i2c_get_board_info(). Since there is no \"ina232\" entry in the legacy\nI2C device ID table either, the struct i2c_device_id *id pointer in the\nprobe function is NULL.\n\nFix this by using the already populated type variable instead, which\npoints to the proper driver data. Since the name is also wanted, add a\ngeneric one to the ina2xx_config table."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/adc/ina2xx-adc.c"], "versions": [{"version": "c43a102e67db99c8bfe6e8a9280cec13ff53b789", "lessThan": "a8e2ae6296d56478fb98ae7f739846ed121f154f", "status": "affected", "versionType": "git"}, {"version": "c43a102e67db99c8bfe6e8a9280cec13ff53b789", "lessThan": "77b689cc27d489b75d33f1a368356d70eb0ce08c", "status": "affected", "versionType": "git"}, {"version": "c43a102e67db99c8bfe6e8a9280cec13ff53b789", "lessThan": "13f3ce53b65aa8b44cad7039d31e62c9ffd6c5d1", "status": "affected", "versionType": "git"}, {"version": "c43a102e67db99c8bfe6e8a9280cec13ff53b789", "lessThan": "a41e19cc0d6b6a445a4133170b90271e4a2553dc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/adc/ina2xx-adc.c"], "versions": [{"version": "4.5", "status": "affected"}, {"version": "0", "lessThan": "4.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.127", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.46", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.11", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.15.127"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.1.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.4.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a8e2ae6296d56478fb98ae7f739846ed121f154f"}, {"url": "https://git.kernel.org/stable/c/77b689cc27d489b75d33f1a368356d70eb0ce08c"}, {"url": "https://git.kernel.org/stable/c/13f3ce53b65aa8b44cad7039d31e62c9ffd6c5d1"}, {"url": "https://git.kernel.org/stable/c/a41e19cc0d6b6a445a4133170b90271e4a2553dc"}], "title": "iio: adc: ina2xx: avoid NULL pointer dereference on OF device match", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ina2xx: avoid NULL pointer dereference on OF device match\n\nThe affected lines were resulting in a NULL pointer dereference on our\nplatform because the device tree contained the following list of\ncompatible strings:\n\n power-sensor@40 {\n compatible = \"ti,ina232\", \"ti,ina231\";\n ...\n };\n\nSince the driver doesn't declare a compatible string \"ti,ina232\", the OF\nmatching succeeds on \"ti,ina231\". But the I2C device ID info is\npopulated via the first compatible string, cf. modalias population in\nof_i2c_get_board_info(). Since there is no \"ina232\" entry in the legacy\nI2C device ID table either, the struct i2c_device_id *id pointer in the\nprobe function is NULL.\n\nFix this by using the already populated type variable instead, which\npoints to the proper driver data. Since the name is also wanted, add a\ngeneric one to the ina2xx_config table."}], "id": "CVE-2023-53834", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T16:17:22.680", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/13f3ce53b65aa8b44cad7039d31e62c9ffd6c5d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/77b689cc27d489b75d33f1a368356d70eb0ce08c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a41e19cc0d6b6a445a4133170b90271e4a2553dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a8e2ae6296d56478fb98ae7f739846ed121f154f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match", "id": "2420357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420357"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53834", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53834\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53834\nhttps://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53834-61cb@gregkh/T"], "threat_severity": "Moderate"}