CVE-2023-53638
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2026-02-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: cancel queued works in probe error path If it fails to get the devices's MAC address, octep_probe exits while leaving the delayed work intr_poll_task queued. When the work later runs, it's a use after free. Move the cancelation of intr_poll_task from octep_remove into octep_device_cleanup. This does not change anything in the octep_remove flow, but octep_device_cleanup is called also in the octep_probe error path, where the cancelation is needed. Note that the cancelation of ctrl_mbox_task has to follow intr_poll_task's, because the ctrl_mbox_task may be queued by intr_poll_task.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53638
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.5
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to a use-after-free condition in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, depending on the exploitation scenario.

Executive Summary

This vulnerability occurs in the Linux kernel's octeon_ep driver. If the driver fails to obtain the device's MAC address during probing, it exits while leaving a delayed work item (intr_poll_task) still queued. When this work later executes, it results in a use-after-free condition because the associated resources have already been freed. The fix involves moving the cancellation of this delayed work to a cleanup function that is called even in the error path, preventing the use-after-free.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the octeon_ep driver includes the fix that moves the cancellation of intr_poll_task into octep_device_cleanup, ensuring proper cleanup in the probe error path. This prevents the use-after-free condition. There are no other specific mitigation steps provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53638. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart