CVE-2023-54044
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux Kernel SPMI Driver Removal

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0 If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54044
EUVD
EUVD-2023-60282
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's SPMI driver removal process. When removing a SPMI driver that does not have a remove callback defined, the kernel may attempt to call a NULL pointer, causing a crash. The issue arises because the code did not check if the remove callback was present before calling it. This has been fixed by adding a check for the remove callback before calling it during driver removal.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the check for the remove callback in the SPMI driver removal process has been added. This prevents crashes due to NULL pointer dereference when removing SPMI drivers without a remove callback. Applying the latest kernel patches or updates that include this fix is the recommended immediate step.


How can this vulnerability impact me? :

If you remove a SPMI driver without a defined remove callback, the system could crash due to a NULL pointer dereference. This could lead to system instability or downtime, especially if the affected driver is critical to your hardware's operation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart