{"vulnerability": "CVE-2023-53146", "sightings": [{"uuid": "1bad1431-fada-4b43-a35a-86d33a107fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-53146", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-53146\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()\n\nIn dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach dw2102_i2c_transfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 950e252cb469\n(\"[media] dw2102: limit messages to buffer size\")\n\ud83d\udccf Published: 2025-05-14T12:43:59.117Z\n\ud83d\udccf Modified: 2025-05-14T12:43:59.117Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/77cbd42d29de9ffc93d5529bab8813cde53af14c\n2. https://git.kernel.org/stable/c/ecbe6d011b95c7da59f014f8d26cb7245ed1e11e\n3. https://git.kernel.org/stable/c/beb9550494e7349f92b9eaa283256a5ad9b1c9be\n4. https://git.kernel.org/stable/c/97fdbdb750342cbc204befde976872fedb406ee6\n5. https://git.kernel.org/stable/c/903566208ae6bb9c0e7e54355ce75bf6cf72485d\n6. https://git.kernel.org/stable/c/08dfcbd03b2b7f918c4f87c6ff637054e510df74\n7. https://git.kernel.org/stable/c/fb28afab113a82b89ffec48c8155ec05b4f8cb5e\n8. https://git.kernel.org/stable/c/5ae544d94abc8ff77b1b9bf8774def3fa5689b5b", "creation_timestamp": "2025-05-14T13:32:34.000000Z"}]}