{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52647", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.094Z", "datePublished": "2024-05-01T05:16:57.465Z", "dateUpdated": "2025-05-04T07:40:48.687Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:40:48.687Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access\n\nWhen translating source to sink streams in the crossbar subdev, the\ndriver tries to locate the remote subdev connected to the sink pad. The\nremote pad may be NULL, if userspace tries to enable a stream that ends\nat an unconnected crossbar sink. When that occurs, the driver\ndereferences the NULL pad, leading to a crash.\n\nPrevent the crash by checking if the pad is NULL before using it, and\nreturn an error if it is."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c"], "versions": [{"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "c95318607fbe8fdd44991a8dad2e44118e6b8812", "status": "affected", "versionType": "git"}, {"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "c4bd29bf5b7f67925bc1abd16069f22dadf5f061", "status": "affected", "versionType": "git"}, {"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "91c8ce42fcde09f1da24acab9013b3e19cb88a4e", "status": "affected", "versionType": "git"}, {"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "eb2f932100288dbb881eadfed02e1459c6b9504c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812"}, {"url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061"}, {"url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e"}, {"url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c"}], "title": "media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52647", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:39:24.705323Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:46.015Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.365Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.365Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52647", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:39:24.705323Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:43.809Z"}}], "cna": {"title": "media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "c95318607fbe8fdd44991a8dad2e44118e6b8812", "versionType": "git"}, {"status": "affected", "version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "c4bd29bf5b7f67925bc1abd16069f22dadf5f061", "versionType": "git"}, {"status": "affected", "version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "91c8ce42fcde09f1da24acab9013b3e19cb88a4e", "versionType": "git"}, {"status": "affected", "version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "eb2f932100288dbb881eadfed02e1459c6b9504c", "versionType": "git"}], "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812"}, {"url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061"}, {"url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e"}, {"url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access\n\nWhen translating source to sink streams in the crossbar subdev, the\ndriver tries to locate the remote subdev connected to the sink pad. The\nremote pad may be NULL, if userspace tries to enable a stream that ends\nat an unconnected crossbar sink. When that occurs, the driver\ndereferences the NULL pad, leading to a crash.\n\nPrevent the crash by checking if the pad is NULL before using it, and\nreturn an error if it is."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "6.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:40:48.687Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52647", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:40:48.687Z", "dateReserved": "2024-03-06T09:52:12.094Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:16:57.465Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access\n\nWhen translating source to sink streams in the crossbar subdev, the\ndriver tries to locate the remote subdev connected to the sink pad. The\nremote pad may be NULL, if userspace tries to enable a stream that ends\nat an unconnected crossbar sink. When that occurs, the driver\ndereferences the NULL pad, leading to a crash.\n\nPrevent the crash by checking if the pad is NULL before using it, and\nreturn an error if it is."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: nxp: imx8-isi: compruebe si el crossbar pad no es NULL antes del acceso. Al traducir el c\u00f3digo fuente a las secuencias receptoras en el subdev de la barra transversal, el controlador intenta localizar el subdev remoto conectado a la plataforma del fregadero. El pad remoto puede ser NULL, si el espacio de usuario intenta habilitar una secuencia que termina en un receptor de barra transversal no conectado. Cuando eso ocurre, el controlador elimina la referencia al pad NULL, lo que provoca un bloqueo. Evite el bloqueo verificando si el pad es NULL antes de usarlo y devuelva un error si lo es."}], "id": "CVE-2023-52647", "lastModified": "2024-11-21T08:40:16.850", "metrics": {}, "published": "2024-05-01T06:15:06.627", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access", "id": "2278541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278541"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access\nWhen translating source to sink streams in the crossbar subdev, the\ndriver tries to locate the remote subdev connected to the sink pad. The\nremote pad may be NULL, if userspace tries to enable a stream that ends\nat an unconnected crossbar sink. When that occurs, the driver\ndereferences the NULL pad, leading to a crash.\nPrevent the crash by checking if the pad is NULL before using it, and\nreturn an error if it is."], "name": "CVE-2023-52647", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52647\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52647\nhttps://lore.kernel.org/linux-cve-announce/2024050119-CVE-2023-52647-82e4@gregkh/T"], "threat_severity": "Moderate"}