CVE-2023-53341
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when early_init_dt_scan_memory fails If memory has been found early_init_dt_scan_memory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on. Previously early_init_dt_scan_memory always returned 0 without distinguishing between any kind of memory setup being done or not. Any code path after the early_init_dt_scan memory call in the ramips plat_mem_setup code wouldn't be executed anymore. Making early_init_dt_scan_memory the only way to initialize the memory. Some boards, including my mt7621 based Cudy X6 board, depend on memory initialization being done via the soc_info.mem_detect function pointer. Those wouldn't be able to obtain memory and panic the kernel during early bootup with the message "early_init_dt_alloc_memory_arch: Failed to allocate 12416 bytes align=0x40".
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53341
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.17 (inc) to 6.0.19 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.5 (exc)
linux linux_kernel 6.2
linux linux_kernel 6.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's memory initialization process. Specifically, the function early_init_dt_scan_memory did not properly indicate whether memory had been found or not, always returning 0. This caused the system to skip other memory setup mechanisms, relying solely on early_init_dt_scan_memory for memory initialization. As a result, some boards that depend on alternative memory initialization methods, like soc_info.mem_detect, failed to initialize memory properly and caused the kernel to panic during early bootup.

Impact Analysis

If your system uses affected Linux kernel versions on certain hardware platforms (such as mt7621 based boards like the Cudy X6), this vulnerability can cause the kernel to fail to allocate memory during early boot. This leads to a kernel panic and prevents the system from booting properly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53341. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart