CVE-2023-53834

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ina2xx: avoid null pointer dereference on OF device match

The affected lines were resulting in a null pointer dereference on our platform because the device tree contained the following list of compatible strings:

    power-sensor@40 {
        compatible = "ti,ina232", "ti,ina231";
        ...
    };

Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the first compatible string, cf. modalias population in of_i2c_get_board_info(). Since there is no "ina232" entry in the legacy I2C device ID table either, the struct i2c_device_id *id pointer in the probe function is null.

Fix this by using the already populated type variable instead, which points to the proper driver data. Since the name is also wanted, add a generic one to the ina2xx_config table.
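The mismatch described above, as an added user-space model that is not the kernel's code or the actual patch: OF matching accepts any entry of the compatible list, while the legacy ID lookup only sees the first one. The tables, the helper names (of_match, legacy_id, probe_name) and the generic names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified user-space model; tables and helper names are constructed. */
#define N(a) (sizeof(a) / sizeof((a)[0]))
enum chip_type { INA219, INA226 };
struct of_entry { const char *compatible; enum chip_type type; };
struct id_entry { const char *name; enum chip_type type; };
/* Generic per-type name, standing in for the name added to the config table. */
static const char *const config_name[] = { [INA219] = "ina219", [INA226] = "ina226" };
static const struct of_entry of_table[] = { { "ti,ina219", INA219 }, { "ti,ina231", INA226 } };
static const struct id_entry id_table[] = { { "ina219", INA219 }, { "ina231", INA226 } };
/* Constructed node: its first compatible string is unknown to the driver. */
static const char *const node_compat[] = { "ti,ina232", "ti,ina231" };

/* OF match: any entry of the node's compatible list may match. */
static const struct of_entry *of_match(const char *const *c, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < N(of_table); j++)
            if (strcmp(c[i], of_table[j].compatible) == 0)
                return &of_table[j];
    return NULL;
}

/* Legacy ID lookup: alias comes from the FIRST compatible only, vendor prefix stripped. */
static const struct id_entry *legacy_id(const char *const *c, size_t n)
{
    const char *comma = n ? strchr(c[0], ',') : NULL;
    const char *alias = comma ? comma + 1 : (n ? c[0] : "");
    for (size_t j = 0; j < N(id_table); j++)
        if (strcmp(alias, id_table[j].name) == 0)
            return &id_table[j];
    return NULL;
}

/* Hardened probe: the name follows the matched type, never a possibly-NULL id. */
static const char *probe_name(const char *const *c, size_t n)
{
    const struct of_entry *m = of_match(c, n);
    const struct id_entry *id = legacy_id(c, n);
    if (!m && !id) return NULL; /* nothing matched: refuse to bind */
    /* The pre-fix form read id->name here, which faults when id is NULL. */
    return config_name[m ? m->type : id->type];
}

int main(void)
{
    printf("legacy id: %s, name: %s\n",
           legacy_id(node_compat, 2) ? "found" : "NULL", probe_name(node_compat, 2));
    return 0;
}
```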

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C
EPSS Score
Exploitation Probability
0.026

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234