CVE-2023-53658

EUVD-2025-31957

07.10.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

spi: bcm-qspi: return error if neither hif_mspi nor mspi is available

If neither a "hif_mspi" nor "mspi" resource is present, the driver will
just early exit in probe but still return success. Apart from not doing
anything meaningful, this would then also lead to a null pointer access
on removal, as platform_get_drvdata() would return NULL, which it would
then try to dereference when trying to unregister the spi master.

Fix this by unconditionally calling devm_ioremap_resource(), as it can
handle a NULL res and will then return a viable ERR_PTR() if we get one.

The "return 0;" was previously a "goto qspi_resource_err;" where then
ret was returned, but since ret was still initialized to 0 at this place
this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix
use-after-free on unbind"). The issue was not introduced by this commit,
only made more obvious.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.9 ≤ 𝑥 < 4.14.322
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.291
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.251
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.188
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.121
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.39
linux	linux_kernel	6.2 ≤ 𝑥 < 6.4.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
forky	6.16.9-1 fixed
sid	6.16.11-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/217b6ea8cf7b819477bca597a6ae2d43d38ba283

https://git.kernel.org/stable/c/22ae32d80ef590d12a2364e4621f90f7c58445c7

https://git.kernel.org/stable/c/32b9c8f7892c19f7f5c9fed5fb410b9fd5990bb6

https://git.kernel.org/stable/c/398e6a015877d44327f754aeb48ff3354945c78c

https://git.kernel.org/stable/c/7c1f23ad34fcdace50275a6aa1e1969b41c6233f

https://git.kernel.org/stable/c/a91c34357afcfaa5307e254f22a8452550a07b34

https://git.kernel.org/stable/c/d20db3c58a7f9361e370a7850ceb60dbdf62eea3

https://git.kernel.org/stable/c/d3dcdb43c872a3b967345144151a2c9bb9124c9b