CVE-2023-54118 (GCVE-0-2023-54118)

Vulnerability from cvelistv5 – Published: 2025-12-24 13:06 – Updated: 2025-12-24 13:06
VLAI?
Title
serial: sc16is7xx: setup GPIO controller later in probe
Summary
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx] ... Call trace: sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] gpiod_direction_output_raw_commit+0x64/0x318 gpiod_direction_output+0xb0/0x170 create_gpio_led+0xec/0x198 gpio_led_probe+0x16c/0x4f0 platform_drv_probe+0x5c/0xb0 really_probe+0xe8/0x448 driver_probe_device+0xe8/0x138 __device_attach_driver+0x94/0x118 bus_for_each_drv+0x8c/0xe0 __device_attach+0x100/0x1b8 device_initial_probe+0x28/0x38 bus_probe_device+0xa4/0xb0 deferred_probe_work_func+0x90/0xe0 process_one_work+0x1c4/0x480 worker_thread+0x54/0x430 kthread+0x138/0x150 ret_from_fork+0x10/0x1c This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 17b96b5c19bec791b433890549e44ca523dc82aa (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 49b326ce8a686428d8cbb82ed74fc88ed3f95a51 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f57c2164d082a36d177ab7fbf54c18970df89c22 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b71ff206707855ce73c04794c76f7b678b2d4f72 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c8f71b49ee4d28930c4a6798d1969fa91dc4ef3e (git)
Create a notification for this product.
    Linux Linux Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.100 , ≤ 5.15.* (semver)
Unaffected: 6.1.18 , ≤ 6.1.* (semver)
Unaffected: 6.2.5 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "17b96b5c19bec791b433890549e44ca523dc82aa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "49b326ce8a686428d8cbb82ed74fc88ed3f95a51",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f57c2164d082a36d177ab7fbf54c18970df89c22",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b71ff206707855ce73c04794c76f7b678b2d4f72",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c8f71b49ee4d28930c4a6798d1969fa91dc4ef3e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.100",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: setup GPIO controller later in probe\n\nThe GPIO controller component of the sc16is7xx driver is setup too\nearly, which can result in a race condition where another device tries\nto utilise the GPIO lines before the sc16is7xx device has finished\ninitialising.\n\nThis issue manifests itself as an Oops when the GPIO lines are configured:\n\n    Unable to handle kernel read from unreadable memory at virtual address\n    ...\n    pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n    lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]\n    ...\n    Call trace:\n    sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n    gpiod_direction_output_raw_commit+0x64/0x318\n    gpiod_direction_output+0xb0/0x170\n    create_gpio_led+0xec/0x198\n    gpio_led_probe+0x16c/0x4f0\n    platform_drv_probe+0x5c/0xb0\n    really_probe+0xe8/0x448\n    driver_probe_device+0xe8/0x138\n    __device_attach_driver+0x94/0x118\n    bus_for_each_drv+0x8c/0xe0\n    __device_attach+0x100/0x1b8\n    device_initial_probe+0x28/0x38\n    bus_probe_device+0xa4/0xb0\n    deferred_probe_work_func+0x90/0xe0\n    process_one_work+0x1c4/0x480\n    worker_thread+0x54/0x430\n    kthread+0x138/0x150\n    ret_from_fork+0x10/0x1c\n\nThis patch moves the setup of the GPIO controller functions to later in the\nprobe function, ensuring the sc16is7xx device has already finished\ninitialising by the time other devices try to make use of the GPIO lines.\nThe error handling has also been reordered to reflect the new\ninitialisation order."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:06:38.998Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/17b96b5c19bec791b433890549e44ca523dc82aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/49b326ce8a686428d8cbb82ed74fc88ed3f95a51"
        },
        {
          "url": "https://git.kernel.org/stable/c/f57c2164d082a36d177ab7fbf54c18970df89c22"
        },
        {
          "url": "https://git.kernel.org/stable/c/b71ff206707855ce73c04794c76f7b678b2d4f72"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8f71b49ee4d28930c4a6798d1969fa91dc4ef3e"
        }
      ],
      "title": "serial: sc16is7xx: setup GPIO controller later in probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54118",
    "datePublished": "2025-12-24T13:06:38.998Z",
    "dateReserved": "2025-12-24T13:02:52.520Z",
    "dateUpdated": "2025-12-24T13:06:38.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54118\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:13.737\",\"lastModified\":\"2025-12-24T13:16:13.737\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nserial: sc16is7xx: setup GPIO controller later in probe\\n\\nThe GPIO controller component of the sc16is7xx driver is setup too\\nearly, which can result in a race condition where another device tries\\nto utilise the GPIO lines before the sc16is7xx device has finished\\ninitialising.\\n\\nThis issue manifests itself as an Oops when the GPIO lines are configured:\\n\\n    Unable to handle kernel read from unreadable memory at virtual address\\n    ...\\n    pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\\n    lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]\\n    ...\\n    Call trace:\\n    sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\\n    gpiod_direction_output_raw_commit+0x64/0x318\\n    gpiod_direction_output+0xb0/0x170\\n    create_gpio_led+0xec/0x198\\n    gpio_led_probe+0x16c/0x4f0\\n    platform_drv_probe+0x5c/0xb0\\n    really_probe+0xe8/0x448\\n    driver_probe_device+0xe8/0x138\\n    __device_attach_driver+0x94/0x118\\n    bus_for_each_drv+0x8c/0xe0\\n    __device_attach+0x100/0x1b8\\n    device_initial_probe+0x28/0x38\\n    bus_probe_device+0xa4/0xb0\\n    deferred_probe_work_func+0x90/0xe0\\n    process_one_work+0x1c4/0x480\\n    worker_thread+0x54/0x430\\n    kthread+0x138/0x150\\n    ret_from_fork+0x10/0x1c\\n\\nThis patch moves the setup of the GPIO controller functions to later in the\\nprobe function, ensuring the sc16is7xx device has already finished\\ninitialising by the time other devices try to make use of the GPIO lines.\\nThe error handling has also been reordered to reflect the new\\ninitialisation order.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/17b96b5c19bec791b433890549e44ca523dc82aa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/49b326ce8a686428d8cbb82ed74fc88ed3f95a51\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b71ff206707855ce73c04794c76f7b678b2d4f72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c8f71b49ee4d28930c4a6798d1969fa91dc4ef3e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f57c2164d082a36d177ab7fbf54c18970df89c22\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.