Linux Kernel Vulnerability in Overlay Management by Linux Foundation
CVE-2023-53856
What is CVE-2023-53856?
A vulnerability exists in the Linux kernel's overlay management code. The call to 'of_changeset_init()' is made too late in the initialization sequence. If 'of_overlay_fdt_apply()' fails due to an unresolved symbol, the 'overlay_changeset.cset.entries' list is left uninitialized. Any subsequent attempt to clean up this partial overlay state then triggers a NULL-pointer dereference, resulting in a crash. The fix moves the initialization call to where the other early setup is done, which ensures the changeset state is properly initialized during overlay application.
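The ordering problem described above, as an added example: this is a userspace C model, not kernel code and not taken from the advisory or the kernel fix. The names `model_changeset`, `model_cleanup` and `model_apply` are hypothetical, a zeroed allocation is assumed, and -1 marks the point where an unguarded list walk would dereference NULL.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for the kernel's circular doubly linked list head. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Hypothetical model of the changeset: only its 'entries' list. */
struct model_changeset { struct list_head entries; };

/* Cleanup walk over 'entries'. Returns the number of entries seen, or -1
 * where an unguarded walk would dereference a NULL 'next' pointer. */
static int model_cleanup(const struct model_changeset *cs)
{
    int n = 0;

    if (cs->entries.next == NULL)
        return -1; /* zeroed, never initialised: the crash condition */
    for (const struct list_head *p = cs->entries.next; p != &cs->entries; p = p->next)
        n++;
    return n;
}

/* Apply-then-clean-up sequence. init_early selects the fixed ordering;
 * early_step_fails models a failure before the late initialisation. */
static int model_apply(int init_early, int early_step_fails)
{
    struct model_changeset *cs = calloc(1, sizeof(*cs)); /* assumed zeroed */
    int ret;

    if (cs == NULL)
        return -2;
    if (init_early)
        init_list_head(&cs->entries);   /* fixed: before anything can fail */
    if (!early_step_fails && !init_early)
        init_list_head(&cs->entries);   /* original: only reached on success */
    ret = model_cleanup(cs);            /* caller cleans up partial state */
    free(cs);
    return ret;
}

int main(void)
{
    /* Exit status 0 when the model shows: late init + early failure = -1,
     * early init + early failure = clean empty list. */
    return !(model_apply(0, 1) == -1 && model_apply(1, 1) == 0);
}
```

With the late ordering the bug stays invisible on the success path, which is why error-path cleanup is the case to exercise when testing a fix like this.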
Affected Version(s)
Linux f948d6d8b792bb90041edc12eac35faf83030994 < 01bb96ad38089f5cc6de7746dac13437d35eb1dc
Linux f948d6d8b792bb90041edc12eac35faf83030994 < 3fb210cd521c9efcb211e9f5ce40fc907200bf13
Linux f948d6d8b792bb90041edc12eac35faf83030994