2425160 – (CVE-2023-54087) CVE-2023-54087 kernel: Linux kernel (UBI): Denial of Service due to improper error handling

Bug 2425160 (CVE-2023-54087) - CVE-2023-54087 kernel: Linux kernel (UBI): Denial of Service due to improper error handling

Summary: CVE-2023-54087 kernel: Linux kernel (UBI): Denial of Service due to improper ...

Keywords:
Status:	NEW
Alias:	CVE-2023-54087
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 14:07 UTC by OSIDB Bzimport
Modified:	2026-02-23 19:09 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 14:07:27 UTC

In the Linux kernel, the following vulnerability has been resolved:

ubi: Fix possible null-ptr-deref in ubi_free_volume()

It willl cause null-ptr-deref in the following case:

uif_init()
  ubi_add_volume()
    cdev_add() -> if it fails, call kill_volumes()
    device_register()

kill_volumes() -> if ubi_add_volume() fails call this function
  ubi_free_volume()
    cdev_del()
    device_unregister() -> trying to delete a not added device,
			   it causes null-ptr-deref

So in ubi_free_volume(), it delete devices whether they are added
or not, it will causes null-ptr-deref.

Handle the error case whlie calling ubi_add_volume() to fix this
problem. If add volume fails, set the corresponding vol to null,
so it can not be accessed in kill_volumes() and release the
resource in ubi_add_volume() error path.

Comment 1 Alexander B 2025-12-24 22:11:06 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122405-CVE-2023-54087-38fe@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.