Null Pointer Dereference in Linux Kernel Driver Core Issue
CVE-2023-54321

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 December 2025

What is CVE-2023-54321?

The Linux kernel contains a vulnerability in the driver core where a null pointer dereference can occur during the device addition process. This issue arises when the device's driver is set but the driver is not fully bound. Specifically, if an error occurs post bus_add_device() call in device_add(), and bus_remove_device() is triggered without a corresponding device_bind_driver() call, it results in an attempt to access a null 'knode_driver'. The fix involves ensuring that the device's driver pointer is nulled out on error paths before any device removal processes occur.

Affected Version(s)

Linux 57eee3d23e8833ca18708b374c648235691942ba < 2c59650d078b1b3f1ea50d5f8ee9fcc537dc02d3

Linux 57eee3d23e8833ca18708b374c648235691942ba < 7cf515bf9e8c2908dc170ecf2df117162a16c9c5

Linux 57eee3d23e8833ca18708b374c648235691942ba < 17982304806c5c10924e73f7ca5556e0d7378452

References

https://git.kernel.org/stable/c/2c59650d078b1b3f1ea50d5f8...

https://git.kernel.org/stable/c/7cf515bf9e8c2908dc170ecf2...

https://git.kernel.org/stable/c/17982304806c5c10924e73f7c...

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 30, 2025

JSON