DEBIAN-CVE-2023-54118

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54118

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54118.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54118

Upstream

CVE-2023-54118

Published

2025-12-24T13:16:13.737Z

Modified

2025-12-25T11:15:23.373204Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xxgpiodirectionoutput+0x68/0x108 [sc16is7xx] lr : sc16is7xxgpiodirectionoutput+0x4c/0x108 [sc16is7xx] ... Call trace: sc16is7xxgpiodirectionoutput+0x68/0x108 [sc16is7xx] gpioddirectionoutputrawcommit+0x64/0x318 gpioddirectionoutput+0xb0/0x170 creategpioled+0xec/0x198 gpioledprobe+0x16c/0x4f0 platformdrvprobe+0x5c/0xb0 reallyprobe+0xe8/0x448 driverprobedevice+0xe8/0x138 _deviceattachdriver+0x94/0x118 busforeachdrv+0x8c/0xe0 _deviceattach+0x100/0x1b8 deviceinitialprobe+0x28/0x38 busprobedevice+0xa4/0xb0 deferredprobeworkfunc+0x90/0xe0 processonework+0x1c4/0x480 workerthread+0x54/0x430 kthread+0x138/0x150 retfromfork+0x10/0x1c This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.

References

https://security-tracker.debian.org/tracker/CVE-2023-54118

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.178-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54118.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54118.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54118.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54118.json"