Null Pointer Dereference in Linux Kernel's IPU Bridge Component
CVE-2023-53336

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 17 September 2025

What is CVE-2023-53336?

A vulnerability in the Linux kernel's IPU bridge component can lead to a null pointer dereference during the parsing of SSDB and PLD warnings. Specifically, if the functions ipu_bridge_parse_rotation() or ipu_bridge_parse_orientation() are executed before the sensor->adev pointer is initialized, any warnings regarding unknown values can trigger a crash. The issue has been addressed by ensuring that sensor->adev is set earlier in the execution flow, thus preventing potential crashes from occurring. Users and administrators are advised to apply the latest security updates to mitigate this vulnerability.

Affected Version(s)

Linux 485aa3df0dffa62d347ea4e0116f549338accc59 < 3de35e29cfddfe6bff762b15bcfe8d80bebac6cb

Linux 485aa3df0dffa62d347ea4e0116f549338accc59

Linux 485aa3df0dffa62d347ea4e0116f549338accc59 < 284be5693163343e1cf17c03917eecd1d6681bcf

References

https://git.kernel.org/stable/c/3de35e29cfddfe6bff762b15b...

https://git.kernel.org/stable/c/e08b091e33ecf6e4cb2c0c582...

https://git.kernel.org/stable/c/284be5693163343e1cf17c039...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 16, 2025