CVE-2023-53834 | iio: adc: ina2xx: avoid NULL pointer dereference on OF device match

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines were resulting in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings: power-sensor@40 { compatible = "ti,ina232", "ti,ina231"; ... }; Since the driver doesn't declare a compatible string "ti,ina232", the OF matching succeeds on "ti,ina231". But the I2C device ID info is populated via the first compatible string, cf. modalias population in of_i2c_get_board_info(). Since there is no "ina232" entry in the legacy I2C device ID table either, the struct i2c_device_id *id pointer in the probe function is NULL. Fix this by using the already populated type variable instead, which points to the proper driver data. Since the name is also wanted, add a generic one to the ina2xx_config table.

Published: 2025-12-09 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-53834 is rated Low Risk (3.6/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-53834

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-09	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-53834

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-53834

OS Trackers for CVE-2023-53834

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-53834 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.	https://security-tracker.debian.org/tracker/CVE-2023-53834
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2023-53834
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-53834/
`ubuntu`	medium	CVE-2023-53834 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 112, not-affected 72, needed 37, needs-triage 1.	https://ubuntu.com/security/CVE-2023-53834

Affected software / configurations for CVE-2023-53834

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-53834

URL	Tags
https://git.kernel.org/stable/c/13f3ce53b65aa8b44cad7039d31e62c9ffd6c5d1
https://git.kernel.org/stable/c/77b689cc27d489b75d33f1a368356d70eb0ce08c
https://git.kernel.org/stable/c/a41e19cc0d6b6a445a4133170b90271e4a2553dc
https://git.kernel.org/stable/c/a8e2ae6296d56478fb98ae7f739846ed121f154f

cvelogic Threat Intelligence