ghsa-vx9r-hw29-38g6
Vulnerability from github
Published
2025-12-24 15:30
Modified
2025-12-24 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

spmi: Add a check for remove callback when removing a SPMI driver

When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver:

dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0

If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54044"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:06Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: Add a check for remove callback when removing a SPMI driver\n\nWhen removing a SPMI driver, there can be a crash due to NULL pointer\ndereference if it does not have a remove callback defined. This is\none such call trace observed when removing the QCOM SPMI PMIC driver:\n\n dump_backtrace.cfi_jt+0x0/0x8\n dump_stack_lvl+0xd8/0x16c\n panic+0x188/0x498\n __cfi_slowpath+0x0/0x214\n __cfi_slowpath+0x1dc/0x214\n spmi_drv_remove+0x16c/0x1e0\n device_release_driver_internal+0x468/0x79c\n driver_detach+0x11c/0x1a0\n bus_remove_driver+0xc4/0x124\n driver_unregister+0x58/0x84\n cleanup_module+0x1c/0xc24 [qcom_spmi_pmic]\n __do_sys_delete_module+0x3ec/0x53c\n __arm64_sys_delete_module+0x18/0x28\n el0_svc_common+0xdc/0x294\n el0_svc+0x38/0x9c\n el0_sync_handler+0x8c/0xf0\n el0_sync+0x1b4/0x1c0\n\nIf a driver has all its resources allocated through devm_() APIs and\ndoes not need any other explicit cleanup, it would not require a\nremove callback to be defined. Hence, add a check for remove callback\npresence before calling it when removing a SPMI driver.",
  "id": "GHSA-vx9r-hw29-38g6",
  "modified": "2025-12-24T15:30:35Z",
  "published": "2025-12-24T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54044"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.