CVE-2023-53638

EUVD-2025-31993

07.10.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: cancel queued works in probe error path

If it fails to get the devices's MAC address, octep_probe exits while
leaving the delayed work intr_poll_task queued. When the work later
runs, it's a use after free.

Move the cancelation of intr_poll_task from octep_remove into
octep_device_cleanup. This does not change anything in the octep_remove
flow, but octep_device_cleanup is called also in the octep_probe error
path, where the cancelation is needed.

Note that the cancelation of ctrl_mbox_task has to follow
intr_poll_task's, because the ctrl_mbox_task may be queued by
intr_poll_task.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.4 ≤ 𝑥 < 6.4.12
linux	linux_kernel	6.5:rc1
linux	linux_kernel	6.5:rc2
linux	linux_kernel	6.5:rc3
linux	linux_kernel	6.5:rc4
linux	linux_kernel	6.5:rc5
linux	linux_kernel	6.5:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 not-affected
bookworm (security)	6.1.153-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
forky	6.16.9-1 fixed
sid	6.16.11-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/62312e2f6466b5f0a120542a38b410d88a34ed00

https://git.kernel.org/stable/c/758c91078165ae641b698750a72eafe7968b3756