CVE-2023-53856: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

of: overlay: Call of_changeset_init() early

When of_overlay_fdt_apply() fails, the changeset may be partially applied, and the caller is still expected to call of_overlay_remove() to clean up this partial state. However, of_overlay_apply() calls of_resolve_phandles() before init_overlay_changeset(). Hence if the overlay fails to apply due to an unresolved symbol, the overlay_changeset.cset.entries list is still uninitialized,

Affected Packages (4 packages)

Linux: linux/linux_kernel 4.15.0 5.15.132 (+3)
Debian: linux/linux_kernel < 6.1.55-1 (+2)
CVEListV5: linux/linux f948d6d8b792bb90041edc12eac35faf83030994 01bb96ad38089f5cc6de7746dac13437d35eb1dc (+5)
debian: debian/linux < linux 6.1.55-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-53856: In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call of_changeset_init() early When of_overlay_fdt_apply() fails, the (2025-12-09)
OSV: of: overlay: Call of_changeset_init() early (2025-12-09)
GHSA: GHSA-v9q6-qjf3-fr39: In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call of_changeset_init() early When of_overlay_fdt_apply() fails, t (2025-12-09)

📋 Vendor Advisories (2)

Red Hat: kernel: of: overlay: Call of_changeset_init() early (2025-12-09)
Debian: CVE-2023-53856: linux - In the Linux kernel, the following vulnerability has been resolved: of: overlay... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-53856 Impact, Exploitability, and Mitigation Steps | Wiz