CVE-2023-52647 | Date: (C)2024-06-27 (M)2024-06-27 |
In the linux kernel, the following vulnerability has been resolved medianxp imx8-isi check whether crossbar pad is non-null before access whentranslating source to sink streams in the crossbar subdev, the driver triesto locate the remote subdev connected to the sink pad. the remote pad maybe null, if userspace tries to enable a stream that ends at an unconnectedcrossbar sink. when that occurs, the driver dereferences the null pad,leading to a crash. prevent the crash by checking if the pad is null beforeusing it, and return an error if it is.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.5 | CVSS Score : 5.0 |
Exploit Score: 3.9 | Exploit Score: 10.0 |
Impact Score: 3.6 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: NONE |
Scope: UNCHANGED | Integrity: NONE |
Confidentiality: NONE | Availability: PARTIAL |
Integrity: NONE | |
Availability: HIGH | |
| |