CVE-2023-54087
- EPSS 0.04%
- Published 24.12.2025 13:06:17
- Last modified 29.12.2025 15:58:34
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

ubi: Fix possible null-ptr-deref in ubi_free_volume()

It will cause null-ptr-deref in the following case:

```
uif_init()
  ubi_add_volume()
    cdev_add() -> if it fails, call kill_volumes()
    device_register()

kill_volumes() -> if ubi_add_volume() fails call this function
  ubi_free_volume()
    cdev_del()
    device_unregister() -> trying to delete a not added device,
                           it causes null-ptr-deref
```

So in ubi_free_volume(), it deletes devices whether they are added
or not, it will cause null-ptr-deref.

Handle the error case while calling ubi_add_volume() to fix this
problem. If add volume fails, set the corresponding vol to null,
so it can not be accessed in kill_volumes() and release the
resource in ubi_add_volume() error path.

Linked by AI from unstructured data to existing CPEs in the NVD

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux

Product: Linux

Default status: affected

| Version | Upper bound | Status |
|---|---|---|
| 2.6.22 | | affected |
| 0 | < 2.6.22 | unaffected |
| 4.14.308 | <= 4.14.* | unaffected |
| 4.19.276 | <= 4.19.* | unaffected |
| 5.4.235 | <= 5.4.* | unaffected |
| 5.10.173 | <= 5.10.* | unaffected |
| 5.15.100 | <= 5.15.* | unaffected |
| 6.1.18 | <= 6.1.* | unaffected |
| 6.2.5 | <= 6.2.* | unaffected |
| 6.3 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
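
A user-space model of the error path in the description above, as an added example that is not kernel code and not part of the original record. The function names mirror the call trace; `struct vol`, `run_init`, the `fixed` switch and the counter are assumptions made for illustration. It counts teardown calls that would reach a never-registered device, with and without the described fix.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_VOLS 4
struct vol { int dev_registered; };
static struct vol *volumes[MAX_VOLS];
static int bad_unregister; /* teardown calls that hit a never-registered device */

/* Models ubi_add_volume(); fail_cdev simulates cdev_add() failing, fixed selects the patched path. */
static int add_volume(int id, int fail_cdev, int fixed) {
    if (fail_cdev) {
        if (fixed) {              /* release here and hide the slot from cleanup */
            free(volumes[id]);
            volumes[id] = NULL;
        }
        return -1;
    }
    volumes[id]->dev_registered = 1;
    return 0;
}

/* Models ubi_free_volume(): tears down without checking what was set up. */
static void free_volume(struct vol *v) {
    if (!v->dev_registered)
        bad_unregister++;         /* kernel: device_unregister() on a device never added */
    free(v);
}

static void kill_volumes(void) {
    for (int i = 0; i < MAX_VOLS; i++)
        if (volumes[i]) { free_volume(volumes[i]); volumes[i] = NULL; }
}

/* Models uif_init(). Assumption: a slot is populated just before it is added, so
 * only the failing slot is half-initialized. Returns the invalid teardown count. */
int run_init(int fail_at, int fixed) {
    bad_unregister = 0;
    for (int i = 0; i < MAX_VOLS; i++) {
        volumes[i] = calloc(1, sizeof(struct vol));
        if (!volumes[i] || add_volume(i, i == fail_at, fixed))
            break;
    }
    kill_volumes();
    return bad_unregister;
}

int main(void) {
    printf("unpatched: %d  patched: %d\n", run_init(2, 0), run_init(2, 1));
    return 0;
}
```
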