CVE-2023-54118: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 92.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: setup GPIO controller later in probe

The GPIO controller component of the sc16is7xx driver is set up too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising.

This issue manifests itself as an Oops when the GPIO lines are configured:

Unable to handle kernel read from unreadable memory at virtual address ... pc

Affected Packages (4 packages)

Linux  linux/linux_kernel  3.16.0  5.10.173  +3
Debian  linux/linux_kernel  < 5.10.178-1  +3
CVEListV5  linux/linux  dfeae619d781dee61666d5551b93ba3be755a86b  17b96b5c19bec791b433890549e44ca523dc82aa  +5
debian  debian/linux  < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-c243-ghfx-233w: In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller comp (2025-12-24)
OSV: serial: sc16is7xx: setup GPIO controller later in probe (2025-12-24)
OSV: CVE-2023-54118: In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller compon (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: serial: sc16is7xx: setup GPIO controller later in probe (2025-12-24)
Debian: CVE-2023-54118: linux - In the Linux kernel, the following vulnerability has been resolved: serial: sc1... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54118 Impact, Exploitability, and Mitigation Steps | Wiz