DEBIAN-CVE-2023-53658
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53658
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53658.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53658
- Upstream
- Published
- 2025-10-07T16:15:49Z
- Modified
- 2025-10-08T09:06:08.861509Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hifmspi nor mspi is available If neither a "hifmspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platformgetdrvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master. Fix this by unconditionally calling devmioremapresource(), as it can handle a NULL res and will then return a viable ERRPTR() if we get one. The "return 0;" was previously a "goto qspiresource_err;" where then ret was returned, but since ret was still initialized to 0 at this place this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix use-after-free on unbind"). The issue was not introduced by this commit, only made more obvious.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.191-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source