CVE-2023-54309 — Use of Uninitialized Resource in Linux

CWE-908 — Use of Uninitialized Resource7 documents6 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the driver initialization.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.8.0 — 4.14.322+6

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux6f99612e250041a2402d3b1694bccb149cd424a4 — 509d21f1c4bb9d35d397fca3226165b156a7639f+8

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-gc92-cfvx-57qj: In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is m↗2025-12-30

▶

OSV

tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation↗2025-12-30

▶

OSV

CVE-2023-54309: In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is mad↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation↗2025-12-30

▶

Debian

CVE-2023-54309: linux - In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vt...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54309 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶