CVE-2023-53479

Published: Oct 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws() KASAN and KFENCE detected an user-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in cxl_parse_cfmws (drivers/cxl/acpi.c:299) This happens in cxl_parse_cfmws(), where put_device() is called, releasing cxld, which is accessed later. Use the local variables in the dev_err() instead of pointing to the released memory. Since the dev_err() is printing a resource, change the open coded print format to use the %pr format specifier.

Vendor	Product	Versions
Linux	Linux	affected `e50fe01e1f2a4aba2275edee7d5c77ac87674ddb - < 748fadc08bcbdaf573b34d9784bb3dbd87441dbf` affected `e50fe01e1f2a4aba2275edee7d5c77ac87674ddb - < 316db489647b8ddc381682597e89787eac61a278` affected `e50fe01e1f2a4aba2275edee7d5c77ac87674ddb - < 4cf67d3cc9994a59cf77bb9c0ccf9007fe916afe`
Linux	Linux	affected `6.0` unaffected `0 - < 6.0` unaffected `6.1.43 - <= 6.1.` unaffected `6.4.8 - <= 6.4.` unaffected `6.5 - <= *`

References

https://git.kernel.org/stable/c/748fadc08bcbdaf573b34d9784bb3dbd87441dbf

https://git.kernel.org/stable/c/316db489647b8ddc381682597e89787eac61a278

https://git.kernel.org/stable/c/4cf67d3cc9994a59cf77bb9c0ccf9007fe916afe

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53479

Description

Affected Products

References