CVE-2023-54083: Expired Pointer Dereference in Linux

Severity
3.3 LOW
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

phy: tegra: xusb: Clear the driver reference in usb-phy dev

For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy. When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN.

Affected Packages (4 packages)

Linux: linux/linux_kernel, 5.7.0, 5.10.188, +3
Debian: linux/linux_kernel, < 5.10.191-1, +3
CVEListV5: linux/linux, e8f7d2f409a15c519d5a6085777d85c1c4bab73a, b6a107c52073496d2e5d2837915f59fb3103832f, +5
debian: debian/linux, < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details

3
GHSA
GHSA-mr7q-47cq-r2xm: In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role po (2025-12-24)
OSV
phy: tegra: xusb: Clear the driver reference in usb-phy dev (2025-12-24)
OSV
CVE-2023-54083: In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port (2025-12-24)

📋 Vendor Advisories

2
Red Hat
kernel: phy: tegra: xusb: Clear the driver reference in usb-phy dev (2025-12-24)
Debian
CVE-2023-54083: linux - In the Linux kernel, the following vulnerability has been resolved: phy: tegra:... (2023)

🕵️ Threat Intelligence

1
Wiz
CVE-2023-54083 Impact, Exploitability, and Mitigation Steps | Wiz