CVE-2023-52459

Modified
Published: 23 Feb 2024, 14:46
Last modified: 11 May 2026, 19:27

Vulnerability Summary

  • Overall Risk (default): low, 22/100
  • CVSS Score: 5.5 MEDIUM, v3.1 (nvd)
  • EPSS Score: 0.02% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 23 Feb 2024, 14:46: Published (vulnerability first disclosed)
  • 11 May 2026, 19:27: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

media: v4l: async: Fix duplicated list deletion

The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with CONFIG_DEBUG_LIST=y):

    list_del corruption, c46c8198->next is LIST_POISON1 (00000100)

If CONFIG_DEBUG_LIST is disabled the operation results in a kernel error due to NULL pointer dereference.

CVSS Metrics

  • v3.1, MEDIUM, Score: 5.5, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 5%

Techniques & Countermeasures

  • CWE-476: NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • linux / linux

    ≥ 28a1295795d85a25f2e7dd391c43969e95fcb341, < b7062628caeaec90e8f691ebab2d70f31b7b6b91 | ≥ 28a1295795d85a25f2e7dd391c43969e95fcb341, < 49d82811428469566667f22749610b8c132cdb3e | ≥ 28a1295795d85a25f2e7dd391c43969e95fcb341, < 3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2 | 6.6

  • linux / linux_kernel

    ≥ 6.6.0, < 6.6.14 | ≥ 6.7.0, < 6.7.2
