CVE-2023-54053
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux iwlwifi PCI Driver Causes Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: 0000000000000028 ... RIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi] pci_device_remove+0x3e/0xb0 device_release_driver_internal+0x103/0x1f0 driver_detach+0x4c/0x90 bus_remove_driver+0x5c/0xd0 driver_unregister+0x31/0x50 pci_unregister_driver+0x40/0x90 iwl_pci_unregister_driver+0x15/0x20 [iwlwifi] __exit_compat+0x9/0x98 [iwlwifi] __x64_sys_delete_module+0x147/0x260
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54053
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
intel iwlwifi *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a possible NULL pointer dereference in the Linux kernel's iwlwifi driver for Intel wireless devices. Specifically, if the function iwl_pci_probe() fails and frees a resource called 'trans', the subsequent call to iwl_pci_remove() may try to access this already freed 'trans' pointer, causing a crash.

Impact Analysis

This vulnerability can cause the system to crash due to a NULL pointer dereference in the wireless driver, potentially leading to denial of service or instability in systems using affected Intel wireless hardware.

Detection Guidance

Detection can be done by monitoring system logs for kernel NULL pointer dereference crashes related to the iwlwifi driver. Look for log entries mentioning 'iwlwifi', 'iwl_pci_remove', or messages like 'BUG: kernel NULL pointer dereference' and specific identifiers such as 'crf-id 0xa5a5a5a2'. Commands such as 'dmesg | grep iwlwifi' or 'journalctl -k | grep iwlwifi' can help identify these issues.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this iwlwifi NULL pointer dereference issue is fixed. Until then, avoid unloading or removing the iwlwifi driver module to prevent triggering the crash. Monitoring system stability and avoiding operations that unload the iwlwifi driver can reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54053. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart