CVE-2023-54159
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-24

Last updated on: 2025-12-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu irq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before handling it. e.g. qmu done irq on cpu0 thread running on cpu1 qmu_done_tx() handle gpd [0] mtu3_requ_complete() mtu3_gadget_ep_disable() unlock @mtu->lock give back request lock @mtu->lock mtu3_ep_disable() mtu3_gpd_ring_free() unlock @mtu->lock lock @mtu->lock get next gpd [1] [1]: goto [0] to handle next gpd, and next gpd may be NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54159
EUVD
EUVD-2023-60286
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's usb mtu3 driver. When handling a qmu transfer interrupt, the code unlocks a lock before returning a request. If another thread simultaneously handles a disconnect event and disables an endpoint, it may lock the same lock and free the qmu ring. This can cause the interrupt handler to access a NULL pointer (gpd), potentially leading to a kernel panic (crash). The fix involves checking the gpd value before handling it to avoid this kernel panic.

Impact Analysis

This vulnerability can cause a kernel panic in the Linux system, leading to a system crash or instability. This can disrupt normal operations, cause data loss, or require a system reboot, impacting system availability and reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54159. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart