CVE-2023-53363

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53363
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53363.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53363
Downstream
Published
2025-09-17T14:56:52Z
Modified
2025-10-14T17:11:15.862067Z
Summary
PCI: Fix use-after-free in pci_bus_release_domain_nr()
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix use-after-free in pcibusreleasedomainnr()

Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()") introduced a use-after-free bug in the bus removal cleanup. The issue was found with kfence:

[ 19.293351] BUG: KFENCE: use-after-free read in pcibusreleasedomainnr+0x10/0x70

[ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115): [ 19.309677] pcibusreleasedomainnr+0x10/0x70 [ 19.309691] dwpciehostdeinit+0x28/0x78 [ 19.309702] tegrapciedeinitcontroller+0x1c/0x38 [pcietegra194] [ 19.309734] tegrapciedwprobe+0x648/0xb28 [pcietegra194] [ 19.309752] platformprobe+0x90/0xd8 ...

[ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k

[ 19.311469] allocated by task 96 on cpu 10 at 19.279323s: [ 19.311562] _kmemcacheallocnode+0x260/0x278 [ 19.311571] kmalloctrace+0x24/0x30 [ 19.311580] pciallocbus+0x24/0xa0 [ 19.311590] pciregisterhostbridge+0x48/0x4b8 [ 19.311601] pciscanrootbusbridge+0xc0/0xe8 [ 19.311613] pcihostprobe+0x18/0xc0 [ 19.311623] dwpciehostinit+0x2c0/0x568 [ 19.311630] tegrapciedwprobe+0x610/0xb28 [pcietegra194] [ 19.311647] platformprobe+0x90/0xd8 ...

[ 19.311782] freed by task 96 on cpu 10 at 19.285833s: [ 19.311799] releasepcibusdev+0x30/0x40 [ 19.311808] devicerelease+0x30/0x90 [ 19.311814] kobjectput+0xa8/0x120 [ 19.311832] deviceunregister+0x20/0x30 [ 19.311839] pciremovebus+0x78/0x88 [ 19.311850] pciremoverootbus+0x5c/0x98 [ 19.311860] dwpciehostdeinit+0x28/0x78 [ 19.311866] tegrapciedeinitcontroller+0x1c/0x38 [pcietegra194] [ 19.311883] tegrapciedwprobe+0x648/0xb28 [pcietegra194] [ 19.311900] platformprobe+0x90/0xd8 ...

[ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4 [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022 [ 19.325852] Workqueue: eventsunbound deferredprobeworkfunc

The stack trace is a bit misleading as dwpciehostdeinit() doesn't directly call pcibusreleasedomainnr(). The issue turns out to be in pciremoverootbus() which first calls pciremovebus() which frees the struct pcibus when its struct device is released. Then pcibusreleasedomainnr() is called and accesses the freed struct pcibus. Reordering these fixes the issue.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f8b6bd6c04d4dfc4c200e6fa306e61e3b42ec5fc
Fixed
52b0343c7d628f37b38e3279ba585526b850ad3b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
db273126bf548a2dc611372e8f6a817b2b16b563
Fixed
ad367516b1c09317111255ecfbf5e42c33e31918
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ead4d69b3ef047b0f670511d81e9ced7ac876b44
Fixed
fbf45385e3419b8698b5e0a434847072375cfec2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c14f7ccc9f5dcf9d06ddeec706f85405b2c80600
Fixed
07a75c0050e59c50f038cc5f4e2a3258c8f8c9d0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c14f7ccc9f5dcf9d06ddeec706f85405b2c80600
Fixed
30ba2d09edb5ea857a1473ae3d820911347ada62

Affected versions

v6.*

v6.1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.10
v6.2.11
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3-rc1

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/pci/remove.c",
                "function": "pci_remove_root_bus"
            },
            "signature_version": "v1",
            "digest": {
                "length": 442.0,
                "function_hash": "67127409959513623613861578492494286713"
            },
            "id": "CVE-2023-53363-35f9ac13",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbf45385e3419b8698b5e0a434847072375cfec2"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/pci/remove.c",
                "function": "pci_remove_root_bus"
            },
            "signature_version": "v1",
            "digest": {
                "length": 442.0,
                "function_hash": "67127409959513623613861578492494286713"
            },
            "id": "CVE-2023-53363-3cdf2778",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30ba2d09edb5ea857a1473ae3d820911347ada62"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/pci/remove.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "199828787599451668731756498442509895444",
                    "189641059283103732696537118155208939360",
                    "102328438276743736435673540839615800287",
                    "258886139854457535633754532298116363955",
                    "198841821230972913518633885120579148854",
                    "320065354642450382662019248122737917029",
                    "164375690487664290794901875821494674645",
                    "117429885199548767219468798721641823562"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-53363-4166dfc3",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad367516b1c09317111255ecfbf5e42c33e31918"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/pci/remove.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "199828787599451668731756498442509895444",
                    "189641059283103732696537118155208939360",
                    "102328438276743736435673540839615800287",
                    "258886139854457535633754532298116363955",
                    "198841821230972913518633885120579148854",
                    "320065354642450382662019248122737917029",
                    "164375690487664290794901875821494674645",
                    "117429885199548767219468798721641823562"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-53363-5ab54cc6",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52b0343c7d628f37b38e3279ba585526b850ad3b"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/pci/remove.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "199828787599451668731756498442509895444",
                    "189641059283103732696537118155208939360",
                    "102328438276743736435673540839615800287",
                    "258886139854457535633754532298116363955",
                    "198841821230972913518633885120579148854",
                    "320065354642450382662019248122737917029",
                    "164375690487664290794901875821494674645",
                    "117429885199548767219468798721641823562"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-53363-c964e663",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbf45385e3419b8698b5e0a434847072375cfec2"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/pci/remove.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "199828787599451668731756498442509895444",
                    "189641059283103732696537118155208939360",
                    "102328438276743736435673540839615800287",
                    "258886139854457535633754532298116363955",
                    "198841821230972913518633885120579148854",
                    "320065354642450382662019248122737917029",
                    "164375690487664290794901875821494674645",
                    "117429885199548767219468798721641823562"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-53363-e4793a07",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07a75c0050e59c50f038cc5f4e2a3258c8f8c9d0"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/pci/remove.c",
                "function": "pci_remove_root_bus"
            },
            "signature_version": "v1",
            "digest": {
                "length": 442.0,
                "function_hash": "67127409959513623613861578492494286713"
            },
            "id": "CVE-2023-53363-e8e140be",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07a75c0050e59c50f038cc5f4e2a3258c8f8c9d0"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/pci/remove.c",
                "function": "pci_remove_root_bus"
            },
            "signature_version": "v1",
            "digest": {
                "length": 442.0,
                "function_hash": "67127409959513623613861578492494286713"
            },
            "id": "CVE-2023-53363-f89e6fd4",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52b0343c7d628f37b38e3279ba585526b850ad3b"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/pci/remove.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "199828787599451668731756498442509895444",
                    "189641059283103732696537118155208939360",
                    "102328438276743736435673540839615800287",
                    "258886139854457535633754532298116363955",
                    "198841821230972913518633885120579148854",
                    "320065354642450382662019248122737917029",
                    "164375690487664290794901875821494674645",
                    "117429885199548767219468798721641823562"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-53363-f90b3332",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30ba2d09edb5ea857a1473ae3d820911347ada62"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/pci/remove.c",
                "function": "pci_remove_root_bus"
            },
            "signature_version": "v1",
            "digest": {
                "length": 442.0,
                "function_hash": "67127409959513623613861578492494286713"
            },
            "id": "CVE-2023-53363-fffc449a",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad367516b1c09317111255ecfbf5e42c33e31918"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.12