Linux Kernel Vulnerability in BCM QSPI Driver
CVE-2023-53658

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 7 October 2025

What is CVE-2023-53658?

The Linux kernel's BCM QSPI driver does not handle the error state in which neither the 'hif_mspi' nor the 'mspi' resource is present. Instead of treating the missing resources as an error, the driver carries on and later dereferences a NULL pointer on removal, potentially leading to system instability. A previous code modification made the flaw more apparent but was not its root cause. The resolution adds proper error handling so that the absence of both resources is dealt with gracefully.

Affected Version(s)

Linux fa236a7ef24048bafaeed13f68df35a819794758

Linux fa236a7ef24048bafaeed13f68df35a819794758 < 398e6a015877d44327f754aeb48ff3354945c78c

Timeline

  • Vulnerability published

  • Vulnerability Reserved
