CVE-2023-54326: Expired Pointer Dereference in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Free IRQs before removing the device

In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be received with the test device memory already released, causing the IRQ handler to access invalid memory, resulting in an oops.

Free the device IRQs before removing the device to avoid this issue.

Affected Packages (4 packages)

Linux  linux/linux_kernel  4.19.0  4.19.291  +5
Debian  linux/linux_kernel  < 5.10.191-1  +3
CVEListV5  linux/linux  e03327122e2c8e6ae4565ef5b3d3cbe4364546a1  fb7f8bdb886f2ebf35ee5edaf2bf5f02b063ddb7  +7
debian  debian/linux  < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV
CVE-2023-54326: In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test (2025-12-30)
GHSA
GHSA-87qv-rjw5-q2ph: In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_te (2025-12-30)
OSV
misc: pci_endpoint_test: Free IRQs before removing the device (2025-12-30)

📋 Vendor Advisories (2)

Red Hat
kernel: misc: pci_endpoint_test: Free IRQs before removing the device (2025-12-30)
Debian
CVE-2023-54326: linux - In the Linux kernel, the following vulnerability has been resolved: misc: pci_e... (2023)

🕵️ Threat Intelligence (1)

Wiz
CVE-2023-54326 Impact, Exploitability, and Mitigation Steps | Wiz