CVE-2023-54220Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port->pm on uart_change_pm() Unloading a hardware specific 8250 driver can produce error "Unable to handle kernel paging request at virtual address" about ten seconds after unloading the driver. This happens on uart_hangup() calling uart_change_pm(). Turns out commit 04e82793f068 ("serial: 8250: Reinit port->pm on port specific driver unbind") was only a partial fix. If the hardware specific driver

Affected Packages4 packages

Linuxlinux/linux_kernel4.15.04.19.293+6
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux490bf37eaabb0a857ed1ae8e75d8854e41662f1c66f3e55960698c874b0598277913b478ecd29573+9
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54220: In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port->pm on uart_change_pm() Unloading a hardware speci2025-12-30
OSV
serial: 8250: Fix oops for port->pm on uart_change_pm()2025-12-30
GHSA
GHSA-ghxp-vq7f-3f7c: In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port->pm on uart_change_pm() Unloading a hardware spe2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: serial: 8250: Fix oops for port->pm on uart_change_pm()2025-12-30
Debian
CVE-2023-54220: linux - In the Linux kernel, the following vulnerability has been resolved: serial: 825...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54220 Impact, Exploitability, and Mitigation Steps | Wiz