CVE-2023-53176
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port->pm in use, and serial8250_pm() tries to call it after the port specific driver is gone: serial8250_pm [8250_base] from uart_change_pm+0x54/0x8c [serial_base] uart_change_pm [serial_base] from uart_hangup+0x154/0x198 [serial_base] uart_hangup [serial_base] from __tty_hangup.part.0+0x328/0x37c __tty_hangup.part.0 from disassociate_ctty+0x154/0x20c disassociate_ctty from do_exit+0x744/0xaac do_exit from do_group_exit+0x40/0x8c do_group_exit from __wake_up_parent+0x0/0x1c Let's fix the issue by calling serial8250_set_defaults() in serial8250_unregister_port(). This will set the port back to using the serial8250 default functions, and sets the port->pm to point to serial8250_pm.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-02
Generated
2026-05-27
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-25
NVD
CVE-2023-53176
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.14.316 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.284 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.244 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.181 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.113 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.30 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's serial 8250 driver. When a hardware-specific 8250 serial port driver is unbound, the generic serial8250 driver takes over the port. However, the system may still reference the port-specific driver's power management (pm) functions, which no longer exist, causing an internal error and system crash (oops) about 10 seconds later. The issue is fixed by resetting the port to use the default serial8250 functions and pm handler when unregistering the port.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash or experience an internal error (oops) when unbinding a serial port driver, potentially leading to system instability or downtime on affected devices, especially those using certain TI System on Chips (SoCs).


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel logs for oops messages related to the serial8250 driver, specifically looking for 'Unhandled fault: imprecise external abort (0x1406)' and internal errors referencing serial8250_pm or uart_change_pm functions. Commands such as 'dmesg | grep -i serial8250' or 'journalctl -k | grep -i serial8250' can help identify these error messages in the system logs.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where serial8250_set_defaults() is called in serial8250_unregister_port(). This ensures the port is reset to use the serial8250 default functions and prevents the use of a stale port->pm pointer after unbinding the port-specific driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart