CVE-2023-53206
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus_core) Fix NULL pointer dereference Pass i2c_client to _pmbus_is_enabled to drop the assumption that a regulator device is passed in. This will fix the issue of a NULL pointer dereference when called from _pmbus_get_flags.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53206
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.4 (inc) to 6.4.8 (exc)
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's hwmon subsystem, specifically in the pmbus_core component. It occurs because the code incorrectly assumes that a regulator device is passed to the function _pmbus_is_enabled, but sometimes a NULL pointer is passed instead, leading to a crash when _pmbus_get_flags calls it.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or become unstable due to a NULL pointer dereference, potentially leading to denial of service or system instability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53206. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart