CVE-2023-54058
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
24/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
firmware: arm_ffa: Check if ffa_driver remove is present before executing<br />
<br />
Currently ffa_drv->remove() is called unconditionally from<br />
ffa_device_remove(). Since the driver registration doesn&#39;t check for it<br />
and allows it to be registered without .remove callback, we need to check<br />
for the presence of it before executing it from ffa_device_remove() to<br />
above a NULL pointer dereference like the one below:<br />
<br />
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000<br />
| Mem abort info:<br />
| ESR = 0x0000000086000004<br />
| EC = 0x21: IABT (current EL), IL = 32 bits<br />
| SET = 0, FnV = 0<br />
| EA = 0, S1PTW = 0<br />
| FSC = 0x04: level 0 translation fault<br />
| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881cc8000<br />
| [0000000000000000] pgd=0000000000000000, p4d=0000000000000000<br />
| Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP<br />
| CPU: 3 PID: 130 Comm: rmmod Not tainted 6.3.0-rc7 #6<br />
| Hardware name: FVP Base RevC (DT)<br />
| pstate: 63402809 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=-c)<br />
| pc : 0x0<br />
| lr : ffa_device_remove+0x20/0x2c<br />
| Call trace:<br />
| 0x0<br />
| device_release_driver_internal+0x16c/0x260<br />
| driver_detach+0x90/0xd0<br />
| bus_remove_driver+0xdc/0x11c<br />
| driver_unregister+0x30/0x54<br />
| ffa_driver_unregister+0x14/0x20<br />
| cleanup_module+0x18/0xeec<br />
| __arm64_sys_delete_module+0x234/0x378<br />
| invoke_syscall+0x40/0x108<br />
| el0_svc_common+0xb4/0xf0<br />
| do_el0_svc+0x30/0xa4<br />
| el0_svc+0x2c/0x7c<br />
| el0t_64_sync_handler+0x84/0xf0<br />
| el0t_64_sync+0x190/0x194