Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-53250

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
15/09/2025
Last modified:
14/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle<br /> <br /> KASAN reported a null-ptr-deref error:<br /> <br /> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]<br /> CPU: 0 PID: 1373 Comm: modprobe<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)<br /> RIP: 0010:dmi_sysfs_entry_release<br /> ...<br /> Call Trace:<br /> <br /> kobject_put<br /> dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs<br /> dmi_decode_table (drivers/firmware/dmi_scan.c:133)<br /> dmi_walk (drivers/firmware/dmi_scan.c:1115)<br /> dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs<br /> do_one_initcall (init/main.c:1296)<br /> ...<br /> Kernel panic - not syncing: Fatal exception<br /> Kernel Offset: 0x4000000 from 0xffffffff81000000<br /> ---[ end Kernel panic - not syncing: Fatal exception ]---<br /> <br /> It is because previous patch added kobject_put() to release the memory<br /> which will call dmi_sysfs_entry_release() and list_del().<br /> <br /> However, list_add_tail(entry-&gt;list) is called after the error block,<br /> so the list_head is uninitialized and cannot be deleted.<br /> <br /> Move error handling to after list_add_tail to fix this.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.9.318 (including) 4.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14.283 (including) 4.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.247 (including) 4.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.198 (including) 5.5 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.122 (including) 5.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15.47 (including) 5.15.99 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.17.15 (including) 5.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18.4 (including) 6.1.16 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.2.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools