Bug 2425011 (CVE-2023-54053) - CVE-2023-54053 kernel: Linux kernel: Denial of Service in iwlwifi due to NULL pointer dereference
Summary: CVE-2023-54053 kernel: Linux kernel: Denial of Service in iwlwifi due to NULL...
Keywords:
Status: NEW
Alias: CVE-2023-54053
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-24 13:01 UTC by OSIDB Bzimport
Modified: 2026-01-02 17:43 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:01:45 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: pcie: fix possible NULL pointer dereference

It is possible that iwl_pci_probe() will fail and free the trans,
then afterwards iwl_pci_remove() will be called and crash by trying
to access trans which is already freed, fix it.

iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2
		      wfpm id 0xa5a5a5a2
iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2
...
BUG: kernel NULL pointer dereference, address: 0000000000000028
...
RIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi]
pci_device_remove+0x3e/0xb0
device_release_driver_internal+0x103/0x1f0
driver_detach+0x4c/0x90
bus_remove_driver+0x5c/0xd0
driver_unregister+0x31/0x50
pci_unregister_driver+0x40/0x90
iwl_pci_unregister_driver+0x15/0x20 [iwlwifi]
__exit_compat+0x9/0x98 [iwlwifi]
__x64_sys_delete_module+0x147/0x260
Comment 1 Alexander B 2025-12-25 09:05:38 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122425-CVE-2023-54053-9a4e@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.