CVE-2023-54027
Null Pointer Dereference in Linux IIO Core Causes Kernel Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

iio: core: Prevent invalid memory access when there is no parent

Commit 813665564b3d ("iio: core: Convert to use firmware node handle instead of OF node") switched the kind of nodes to use for label retrieval in device registration. Probably an unwanted change in that commit was that if the device has no parent then NULL pointer is accessed. This is what happens in the stock IIO dummy driver when a new entry is created in configfs:

  # mkdir /sys/kernel/config/iio/devices/dummy/foo
  BUG: kernel NULL pointer dereference, address: ...
  ...
  Call Trace:
  __iio_device_register
  iio_dummy_probe

Since there seems to be no reason to make a parent device of an IIO dummy device mandatory, let’s prevent the invalid memory access in __iio_device_register when the parent device is NULL. With this change, the IIO dummy driver works fine with configfs.

Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

  Vendor    Product         Version / Range
  linux     linux_kernel    *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's Industrial I/O (IIO) subsystem. Specifically, after a commit changed how device nodes are handled, if an IIO device has no parent device, the kernel attempts to access a NULL pointer during device registration, causing a crash (BUG). This happens, for example, when creating a new entry in configfs for the IIO dummy driver. The fix prevents invalid memory access when the parent device is NULL, allowing the IIO dummy driver to work correctly without requiring a parent device.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when registering certain IIO devices without a parent device. This can lead to system instability or denial of service, especially if the affected driver or configuration is used. It may disrupt device functionality and impact system reliability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to create a new entry in the IIO dummy device configfs directory and observing if a kernel NULL pointer dereference occurs. For example, running the command: mkdir /sys/kernel/config/iio/devices/dummy/foo may trigger the bug and cause a kernel crash if the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that prevents the invalid memory access in __iio_device_register when the parent device is NULL. Until the patch is applied, avoid creating new entries in /sys/kernel/config/iio/devices/dummy to prevent triggering the NULL pointer dereference.
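
The detection and mitigation answers above both hinge on the configfs directory /sys/kernel/config/iio/devices/dummy. The following is an added example, not part of the advisory or the kernel patch: a read-only check that reports whether that directory is present and writable without creating an entry in it. The function name and its optional mount-point argument are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): read-only exposure check.
# It only inspects the configfs tree and never runs mkdir there.

# $1 = configfs mount point; this parameter is an assumption added so the
# function can be pointed at a constructed directory tree for testing.
iio_dummy_exposure() {
    root="${1:-/sys/kernel/config}"
    group="$root/iio/devices/dummy"

    # No dummy group: the mkdir path named in the advisory does not exist here.
    if [ ! -d "$group" ]; then
        echo "absent"
        return 0
    fi

    # Count entries that already exist under the dummy group.
    entries=0
    for d in "$group"/*/; do
        if [ -d "$d" ]; then
            entries=$((entries + 1))
        fi
    done

    # -w reflects the current user; root can always write here.
    if [ -w "$group" ]; then
        echo "reachable entries=$entries"
    else
        echo "present-not-writable entries=$entries"
    fi
    return 0
}

# Report for the running system when executed directly.
iio_dummy_exposure "$@"
```

A result of "reachable" only means the directory from the description can be written to by the current user; it does not show whether the running kernel already carries the fix.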

