Use-After-Free Vulnerability in Linux Kernel PCI Subsystem
CVE-2023-53363

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 17 September 2025

What is CVE-2023-53363?

A use-after-free vulnerability has been identified in the PCI subsystem of the Linux kernel. The flaw occurs during bus removal cleanup, specifically within the function pci_bus_release_domain_nr(), which accesses memory that has already been deallocated. The issue emerged after recent code modifications and has been linked to improper management of memory during device deregistration. Properly reordering the function calls in the teardown process is critical to preventing this security risk. The issue underscores the importance of careful memory management in kernel development to thwart potential exploitation vectors that could arise from accessing freed memory.
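The ordering problem described above, as an added user-space model (not kernel code and not the upstream patch). It assumes deregistration drops the last reference and frees the bus; all names are hypothetical, and a flag stands in for the allocator so the stale access is counted rather than performed.

```c
/* User-space model; every name is hypothetical, not kernel code. A flag
 * stands in for the allocator so the stale read is detected, not performed. */
#include <stdio.h>
#include <string.h>
struct model_bus {
    int freed;       /* stands in for allocator metadata */
    int refcount;
    int domain_nr;   /* ID that must be handed back on removal */
};
static int stale_reads;       /* reads of an already-freed object */
static int last_released_id;  /* ID handed back, -1 if none */

/* Drop a reference; the last put "frees" the object by poisoning it. */
static void bus_put(struct model_bus *bus)
{
    if (--bus->refcount == 0) {
        memset(&bus->domain_nr, 0x6b, sizeof bus->domain_nr);
        bus->freed = 1;
    }
}

/* Plays the role of the domain-number release step: it must read the bus. */
static void release_domain_nr(struct model_bus *bus)
{
    if (bus->freed)
        stale_reads++;   /* real code would dereference freed memory here */
    else
        last_released_id = bus->domain_nr;
}

/* Tear down one bus; returns the number of stale reads detected. */
int run_teardown(int release_id_first)
{
    struct model_bus bus = { .freed = 0, .refcount = 1, .domain_nr = 7 }; /* constructed */
    stale_reads = 0;
    last_released_id = -1;
    if (release_id_first) {   /* reordered: read the ID, then drop the ref */
        release_domain_nr(&bus);
        bus_put(&bus);
    } else {                  /* flawed: drop the last ref, then read */
        bus_put(&bus);
        release_domain_nr(&bus);
    }
    return stale_reads;
}

int main(void)
{
    printf("flawed: %d stale, reordered: %d stale\n", run_teardown(0), run_teardown(1));
}
```

In the flawed order the domain ID is never handed back and the read lands on poisoned memory, which is the kind of access that kernel memory debugging tools such as KASAN or KFENCE report.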

Affected Version(s)

Linux f8b6bd6c04d4dfc4c200e6fa306e61e3b42ec5fc < 52b0343c7d628f37b38e3279ba585526b850ad3b

Linux db273126bf548a2dc611372e8f6a817b2b16b563

Linux ead4d69b3ef047b0f670511d81e9ced7ac876b44

Timeline

  • Vulnerability published

  • Vulnerability Reserved
