Bugzilla – Bug 1225474
VUL-0: REJECTED: CVE-2023-52802: kernel: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()
Last modified: 2024-06-10 07:10:07 UTC
In the Linux kernel, the following vulnerability has been resolved:

iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()

of_match_device() may fail and returns a NULL pointer. In practice there is no known reasonable way to trigger this, but in case one is added in future, harden the code by adding the check

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52802
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52802.mbox
https://git.kernel.org/stable/c/b80aaff5f7817d50798ac61ed75973f004dd5202
https://git.kernel.org/stable/c/b028f89c56e964a22d3ddb8eab1a0e7e980841b9
https://git.kernel.org/stable/c/5b82e4240533bcd4691e50b64ec86d0d7fbd21b9
https://git.kernel.org/stable/c/3a23b384e7e3d64d5587ad10729a34d4f761517e
https://www.cve.org/CVERecord?id=CVE-2023-52802
https://bugzilla.redhat.com/show_bug.cgi?id=2282620
I could argue this is a bug or CVE at all. Look at the commit message:

"In practice there is no known reasonable way to trigger this, but in case one is added in future, harden the code by adding the check"
Asked about this upstream [1].

[1] https://lore.kernel.org/all/20240605145123.78220-1-iivanov@suse.de/
Now rejected.
https://nvd.nist.gov/vuln/detail/CVE-2023-52802
Back to security team.
REJECTED: https://lore.kernel.org/linux-cve-announce/2024060805-REJECTED-ee8d@gregkh/T/#u
closing