Null Pointer Dereference Vulnerability in Linux Kernel’s TW68 Driver
CVE-2023-53244
What is CVE-2023-53244?
The Linux kernel’s TW68 driver contains a null pointer dereference. When the driver calls tw68_risc_buffer() to prepare a buffer, the dma_alloc_coherent call may fail, leaving the buffer's CPU address field, buf->cpu, empty (NULL). A later access to the buffer, or freeing it, then dereferences a null pointer. The vulnerability may be exploited dynamically from the user side. The fix checks the return value of tw68_risc_buffer() and validates buf->cpu before freeing the buffer, which improves the driver’s reliability.
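The two checks described above, shown as an added userspace model that is not the tw68 driver's code or the upstream patch. All names (risc_buf, model_risc_buffer, model_buf_prepare, model_buf_free, alloc_should_fail) are hypothetical, and calloc/free stand in for the DMA allocator.

```c
/* Userspace model; every name here is hypothetical, not tw68 driver code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct risc_buf {
    void  *cpu;    /* CPU address of the buffer; NULL if allocation failed */
    size_t size;
};

static int alloc_should_fail;  /* knob standing in for a failing dma_alloc_coherent */

/* Models tw68_risc_buffer(): reports allocation failure instead of hiding it. */
static int model_risc_buffer(struct risc_buf *buf, size_t size)
{
    buf->size = size;
    buf->cpu = alloc_should_fail ? NULL : calloc(1, size);
    return buf->cpu ? 0 : -ENOMEM;
}

/* Prepare path: check the return value before touching the buffer. */
static int model_buf_prepare(struct risc_buf *buf, size_t size)
{
    int rc = model_risc_buffer(buf, size);
    if (rc)
        return rc;  /* without this check the memset below writes through NULL */
    memset(buf->cpu, 0xff, buf->size);
    return 0;
}

/* Free path: validate buf->cpu, since prepare may have failed earlier. */
static void model_buf_free(struct risc_buf *buf)
{
    if (!buf->cpu)
        return;
    memset(buf->cpu, 0, buf->size);  /* scrub: an access that needs a valid pointer */
    free(buf->cpu);
    buf->cpu = NULL;
}

int main(void)
{
    struct risc_buf b = {0};
    alloc_should_fail = 1;
    int rc = model_buf_prepare(&b, 64);  /* fails cleanly with -ENOMEM */
    model_buf_free(&b);                  /* no-op: buf->cpu is NULL */
    return rc == -ENOMEM ? 0 : 1;
}
```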
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3c67f49a6643d973e83968ea35806c7b5ae68b56
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3715c5e9a8f96b6ed0dcbea06da443efccac1ecc