Bug 2402223 (CVE-2023-53658) - CVE-2023-53658 kernel: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Summary: CVE-2023-53658 kernel: spi: bcm-qspi: return error if neither hif_mspi nor ms...
Keywords:
Status: NEW
Alias: CVE-2023-53658
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-07 16:03 UTC by OSIDB Bzimport
Modified: 2025-11-26 12:21 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-07 16:03:49 UTC 
In the Linux kernel, the following vulnerability has been resolved:

spi: bcm-qspi: return error if neither hif_mspi nor mspi is available

If neither a "hif_mspi" nor "mspi" resource is present, the driver will
just early exit in probe but still return success. Apart from not doing
anything meaningful, this would then also lead to a null pointer access
on removal, as platform_get_drvdata() would return NULL, which it would
then try to dereference when trying to unregister the spi master.

Fix this by unconditionally calling devm_ioremap_resource(), as it can
handle a NULL res and will then return a viable ERR_PTR() if we get one.

The "return 0;" was previously a "goto qspi_resource_err;" where then
ret was returned, but since ret was still initialized to 0 at this place
this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix
use-after-free on unbind"). The issue was not introduced by this commit,
only made more obvious.
Comment 1 Jon Moroney 2025-10-07 17:57:53 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53658-3680@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.