CVE-2023-53658: Linux kernel vulnerability in the bcm-qspi driver causing a potential NULL pointer dereference on device removal.
Score (CVSS): 5.5 (Medium)
- Published Date: Oct 7, 2025
- CISA KEV Date: No Data
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.0
- EPSS Percentile: 11%
Exploitability (CVSS subscore)
- Score: 1.8
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
Impact (CVSS subscore)
- Score: 3.6
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH
Overview
The vulnerability affects the bcm-qspi driver in the Linux kernel. It stems from improper error handling when a hardware resource the driver expects is unavailable: instead of failing cleanly, the driver can be left holding a NULL pointer that is later dereferenced, potentially crashing or destabilising the system. The issue is particularly concerning because it manifests during device removal, which could complicate system maintenance or hardware changes. While not directly exploitable for arbitrary code execution, this vulnerability represents a significant reliability and stability risk for affected systems.
Remediation
- The fix changes the driver to call devm_ioremap_resource() unconditionally. That function handles a NULL resource itself and returns a valid ERR_PTR() in that case, so the missing resource is reported through the normal error-return path instead of leaving a NULL pointer to be dereferenced later. System administrators and developers running affected Linux kernel versions should update to a patched kernel as soon as one is available (the stable-branch commits carrying the fix are listed under References). Until then, exercise caution on systems that may use the bcm-qspi driver, particularly during hardware removal or system shutdown.
References
- [1] Linux kernel stable branch commit 217b6ea8cf7b819477bca597a6ae2d43d38ba283
- [2] Linux kernel stable branch commit 22ae32d80ef590d12a2364e4621f90f7c58445c7
- [3] Linux kernel stable branch commit 32b9c8f7892c19f7f5c9fed5fb410b9fd5990bb6
- [4] Linux kernel stable branch commit 398e6a015877d44327f754aeb48ff3354945c78c
- [5] Linux kernel stable branch commit 7c1f23ad34fcdace50275a6aa1e1969b41c6233f
- [6] Linux kernel stable branch commit a91c34357afcfaa5307e254f22a8452550a07b34
- [7] Linux kernel stable branch commit d20db3c58a7f9361e370a7850ceb60dbdf62eea3
- [8] Linux kernel stable branch commit d3dcdb43c872a3b967345144151a2c9bb9124c9b