CVE-2023-53364
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-11
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.4.7 (inc) to 6.4.12 (exc) |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's regulator for da9063. It involves a null pointer dereference issue in the device tree (DT) handling. The original patch to fix this had two versions, but the first version was merged by mistake. The correct fix (V2) avoids dereferencing the pointer entirely, even to take its address, which prevents potential problems with some compilers. Updating to the V2 patch resolves the issue.
How can this vulnerability impact me? :
The vulnerability could cause the Linux kernel to dereference a null pointer, potentially leading to kernel crashes or instability. This can affect system reliability and availability, possibly causing unexpected reboots or failures in devices using the da9063 regulator.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to include the V2 patch that fixes the null pointer dereference issue in the regulator: da9063 driver. The V2 patch completely avoids dereferencing the pointer and is safer than the originally merged V1 patch.