CVE-2023-53658NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 7

Description

In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platform_get_drvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master. Fix t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel4.94.14.322+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxfa236a7ef24048bafaeed13f68df35a819794758a91c34357afcfaa5307e254f22a8452550a07b34+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53658: In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a2025-10-07
GHSA
GHSA-f5pr-pcc8-pgcp: In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither2025-10-07

📋Vendor Advisories

2
Red Hat
kernel: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available2025-10-07
Debian
CVE-2023-53658: linux - In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qs...2023