CVE-2023-54233 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

3.3LOW

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .module_info field won't be set, then sof_ipc4_route_setup() will cause a kernel Oops trying to dereference it. Add a check for such cases.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.0.0 — 6.2.11

▶Debianlinux/linux_kernel< 6.3.7-1+1

▶CVEListV5linux/linux3acd527089463742a3dd95e274d53c2fdd834716 — 170818974e9732506195c6302743856cc8bdfd6f+2

▶debiandebian/linux< linux 6.3.7-1 (forky)

🔴Vulnerability Details

OSV

ASoC: SOF: avoid a NULL dereference with unsupported widgets↗2025-12-30

▶

GHSA

GHSA-h352-qwh6-g54m: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology↗2025-12-30

▶

OSV

CVE-2023-54233: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology c↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: ASoC: SOF: avoid a NULL dereference with unsupported widgets↗2025-12-30

▶

Debian

CVE-2023-54233: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54233 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶