CVE-2023-53480
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset->kobj.ktype in kset_register() When I register a kset in the following way: static struct kset my_kset; kobject_set_name(&my_kset.kobj, "my_kset"); ret = kset_register(&my_kset); A null pointer dereference exception is occurred: [ 4453.568337] Unable to handle kernel NULL pointer dereference at \ virtual address 0000000000000028 ... ... [ 4453.810361] Call trace: [ 4453.813062] kobject_get_ownership+0xc/0x34 [ 4453.817493] kobject_add_internal+0x98/0x274 [ 4453.822005] kset_register+0x5c/0xb4 [ 4453.825820] my_kobj_init+0x44/0x1000 [my_kset] ... ... Because I didn't initialize my_kset.kobj.ktype. According to the description in Documentation/core-api/kobject.rst: - A ktype is the type of object that embeds a kobject. Every structure that embeds a kobject needs a corresponding ktype. So add sanity check to make sure kset->kobj.ktype is not NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53480
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel when registering a kset without initializing the kset->kobj.ktype field. The ktype represents the type of object embedding the kobject, and if it is NULL, a null pointer dereference happens during kset registration, causing a kernel crash.

Impact Analysis

This vulnerability can cause a kernel NULL pointer dereference, leading to a system crash or denial of service when a kset is registered without proper initialization. This can affect system stability and availability.

Detection Guidance

This vulnerability can be detected by monitoring kernel logs for null pointer dereference exceptions related to kset registration. Specifically, look for messages like 'Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028' and call traces involving kobject_get_ownership, kobject_add_internal, and kset_register. You can use the command 'dmesg | grep -i "kset_register"' or 'journalctl -k | grep -i "kset_register"' to find such kernel log entries.

Mitigation Strategies

To mitigate this vulnerability, ensure that any kset registration code initializes the kobj.ktype field properly before calling kset_register. Adding a sanity check to verify that kset->kobj.ktype is not NULL before registration will prevent the null pointer dereference. If you are using third-party modules or code, update them to include this initialization or apply patches that add this sanity check.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53480. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart