CVE-2023-54058: NULL Pointer Dereference in Linux

Severity: 3.3 LOW (No vector)
EPSS: 0.0% (top 92.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_ffa: Check if ffa_driver remove is present before executing

Currently ffa_drv->remove() is called unconditionally from ffa_device_remove(). Since the driver registration doesn't check for it and allows it to be registered without .remove callback, we need to check for the presence of it before executing it from ffa_device_remove() to avoid a NULL pointer dereference like the one below:

| Unable to handle kernel

Affected Packages (4 packages)

Linux: linux/linux_kernel 5.15.0 5.15.114 (+2)
Debian: linux/linux_kernel < 6.1.37-1 (+2)
CVEListV5: linux/linux 244f5d597e1ea519c2085fbd9819458688775e42 6a26c62625c59b8dd7f52c518cb4f60a63470a0e (+5)
debian: debian/linux < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54058: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Currentl (2025-12-24)
GHSA: GHSA-chjw-9fmq-6p9g: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check if ffa_driver remove is present before executing Curren (2025-12-24)
OSV: firmware: arm_ffa: Check if ffa_driver remove is present before executing (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: firmware: arm_ffa: Check if ffa_driver remove is present before executing (2025-12-24)
Debian: CVE-2023-54058: linux - In the Linux kernel, the following vulnerability has been resolved: firmware: a... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54058 Impact, Exploitability, and Mitigation Steps | Wiz