-

CVE-2023-53856

EPSS 0.02%
Veröffentlicht 09.12.2025 01:30:22
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

of: overlay: Call of_changeset_init() early

In the Linux kernel, the following vulnerability has been resolved:

of: overlay: Call of_changeset_init() early

When of_overlay_fdt_apply() fails, the changeset may be partially
applied, and the caller is still expected to call of_overlay_remove() to
clean up this partial state.

However, of_overlay_apply() calls of_resolve_phandles() before
init_overlay_changeset().  Hence if the overlay fails to apply due to an
unresolved symbol, the overlay_changeset.cset.entries list is still
uninitialized, and cleanup will crash with a NULL-pointer dereference in
overlay_removal_is_ok().

Fix this by moving the call to of_changeset_init() from
init_overlay_changeset() to of_overlay_fdt_apply(), where all other
early initialization is done.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version f948d6d8b792bb90041edc12eac35faf83030994

Version < 01bb96ad38089f5cc6de7746dac13437d35eb1dc

Status affected

Version f948d6d8b792bb90041edc12eac35faf83030994

Version < 3fb210cd521c9efcb211e9f5ce40fc907200bf13

Status affected

Version f948d6d8b792bb90041edc12eac35faf83030994

Version < be86241bf5d1efd16d8a7231c13b33459c5d755d

Status affected

Version f948d6d8b792bb90041edc12eac35faf83030994

Version < c403c81b577a67fe9ec6a2e89d143256487be50f

Status affected

Version f948d6d8b792bb90041edc12eac35faf83030994

Version < a9515ff4fb142b690a0d2b58782b15903b990dba

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.15

Status affected

Version 0

Version < 4.15

Status unaffected

Version <= 5.15.*

Version 5.15.132

Status unaffected

Version <= 6.1.*

Version 6.1.53

Status unaffected

Version <= 6.4.*

Version 6.4.16

Status unaffected

Version <= 6.5.*

Version 6.5.3

Status unaffected

Version <= *

Version 6.6

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.062

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/01bb96ad38089f5cc6de7746dac13437d35eb1dc

https://git.kernel.org/stable/c/3fb210cd521c9efcb211e9f5ce40fc907200bf13

https://git.kernel.org/stable/c/be86241bf5d1efd16d8a7231c13b33459c5d755d

https://git.kernel.org/stable/c/c403c81b577a67fe9ec6a2e89d143256487be50f

https://git.kernel.org/stable/c/a9515ff4fb142b690a0d2b58782b15903b990dba

https://nvd.nist.gov/vuln/detail/CVE-2023-53856

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53856

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53856

EUVD