CVE-2023-54044

Dec. 24, 2025, 1:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0 If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4
https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408
https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c
https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109
https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4
https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc
https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97
https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b
https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-24
CVE-2023-54044

Timeline

Published: Dec. 24, 2025, 1:16 p.m.
Last Modified: Dec. 24, 2025, 1:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.