CVE-2023-54087
Published: Dec 24, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubi_free_volume() It willl cause null-ptr-deref in the following case: uif_init() ubi_add_volume() cdev_add() -> if it fails, call kill_volumes() device_register() kill_volumes() -> if ubi_add_volume() fails call this function ubi_free_volume() cdev_del() device_unregister() -> trying to delete a not added device, it causes null-ptr-deref So in ubi_free_volume(), it delete devices whether they are added or not, it will causes null-ptr-deref. Handle the error case whlie calling ubi_add_volume() to fix this problem. If add volume fails, set the corresponding vol to null, so it can not be accessed in kill_volumes() and release the resource in ubi_add_volume() error path.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 801c135ce73d5df1caf3eca35b66a10824ae0707 - < 5558bcf1c58720ca6e9d6198d921cb3aa337f038affected 801c135ce73d5df1caf3eca35b66a10824ae0707 - < 45b2c5ca4d2edae70f19fdb086bd927840c4c309affected 801c135ce73d5df1caf3eca35b66a10824ae0707 - < 234c53e57424992e657e6f4acc00d3df0983176faffected 801c135ce73d5df1caf3eca35b66a10824ae0707 - < fcbc795abe7897da4b5d2a6ab5010e36774b00c2affected 801c135ce73d5df1caf3eca35b66a10824ae0707 - < 5ec4c8aca5a221756a9007deadfea92795319fee+3 more versions |
Linux | Linux | affected 2.6.22unaffected 0 - < 2.6.22unaffected 4.14.308 - <= 4.14.*unaffected 4.19.276 - <= 4.19.*unaffected 5.4.235 - <= 5.4.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now