CVE-2023-54044
- Source
- https://cve.org/CVERecord?id=CVE-2023-54044
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54044.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-54044
- Downstream
- Related
- Published
- 2025-12-24T12:22:56.072Z
- Modified
- 2026-04-02T09:45:32.022983Z
- Summary
- spmi: Add a check for remove callback when removing a SPMI driver
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
spmi: Add a check for remove callback when removing a SPMI driver
When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver:
dumpbacktrace.cfijt+0x0/0x8 dumpstacklvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfislowpath+0x1dc/0x214 spmidrvremove+0x16c/0x1e0 devicerelease_driverinternal+0x468/0x79c driverdetach+0x11c/0x1a0 busremovedriver+0xc4/0x124 driverunregister+0x58/0x84 cleanupmodule+0x1c/0xc24 [qcomspmipmic] __dosysdelete_module+0x3ec/0x53c _arm64sysdeletemodule+0x18/0x28 el0svccommon+0xdc/0x294 el0svc+0x38/0x9c el0synchandler+0x8c/0xf0 el0sync+0x1b4/0x1c0
If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54044.json" }- References
-
- https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4
- https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408
- https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c
- https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109
- https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4
- https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc
- https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97
- https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b
- https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54044.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54044
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a86bf343976b9c8ab2f240bc866451fa67e5573Fixedb95a69214daea4aab1c8bad96571d988a62e2c97Fixed699949219e35fe29fd42ccf8cd92c989c3d15109Fixed54dda732225555dc6d660e95793c54a0a44b612cFixedc45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4bFixedee0b6146317a98bfec848d7bde5586beb245a38fFixed428cc252701d6864151f3a296ffc23e1e49a7408Fixedaf763c29b9e7040fedd0077bca053b101438a3a4Fixed0f3ef30c1c05502f5de3b73b3715d5994845c1b4Fixedb56eef3e16d888883fefab47425036de80dd38fc
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.15.0Fixed4.14.315
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.283
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.243
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.180
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.111
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.28
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.2.15
- Type
- ECOSYSTEM
- Events
-
Introduced6.3.0Fixed6.3.2