1. Home
  2. Vulnerabilities
  3. CVE-2023-53658
0.0
NA
CVE-2023-53658
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Description

In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platform_get_drvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master. Fix this by unconditionally calling devm_ioremap_resource(), as it can handle a NULL res and will then return a viable ERR_PTR() if we get one. The "return 0;" was previously a "goto qspi_resource_err;" where then ret was returned, but since ret was still initialized to 0 at this place this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix use-after-free on unbind"). The issue was not introduced by this commit, only made more obvious.

INFO

Published Date :

Oct. 7, 2025, 4:15 p.m.

Last Modified :

Oct. 8, 2025, 7:38 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-53658 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Update the Linux kernel driver to correctly handle missing resources and prevent null pointer dereferences.
  • Apply the latest Linux kernel updates.
  • Ensure the bcm-qspi driver handles resource availability.
  • Update platform drivers to manage resource errors gracefully.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-53658.

URL Resource
https://git.kernel.org/stable/c/217b6ea8cf7b819477bca597a6ae2d43d38ba283
https://git.kernel.org/stable/c/22ae32d80ef590d12a2364e4621f90f7c58445c7
https://git.kernel.org/stable/c/32b9c8f7892c19f7f5c9fed5fb410b9fd5990bb6
https://git.kernel.org/stable/c/398e6a015877d44327f754aeb48ff3354945c78c
https://git.kernel.org/stable/c/7c1f23ad34fcdace50275a6aa1e1969b41c6233f
https://git.kernel.org/stable/c/a91c34357afcfaa5307e254f22a8452550a07b34
https://git.kernel.org/stable/c/d20db3c58a7f9361e370a7850ceb60dbdf62eea3
https://git.kernel.org/stable/c/d3dcdb43c872a3b967345144151a2c9bb9124c9b
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-53658 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-53658 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-53658 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-53658 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 07, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: spi: bcm-qspi: return error if neither hif_mspi nor mspi is available If neither a "hif_mspi" nor "mspi" resource is present, the driver will just early exit in probe but still return success. Apart from not doing anything meaningful, this would then also lead to a null pointer access on removal, as platform_get_drvdata() would return NULL, which it would then try to dereference when trying to unregister the spi master. Fix this by unconditionally calling devm_ioremap_resource(), as it can handle a NULL res and will then return a viable ERR_PTR() if we get one. The "return 0;" was previously a "goto qspi_resource_err;" where then ret was returned, but since ret was still initialized to 0 at this place this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix use-after-free on unbind"). The issue was not introduced by this commit, only made more obvious.
    Added Reference https://git.kernel.org/stable/c/217b6ea8cf7b819477bca597a6ae2d43d38ba283
    Added Reference https://git.kernel.org/stable/c/22ae32d80ef590d12a2364e4621f90f7c58445c7
    Added Reference https://git.kernel.org/stable/c/32b9c8f7892c19f7f5c9fed5fb410b9fd5990bb6
    Added Reference https://git.kernel.org/stable/c/398e6a015877d44327f754aeb48ff3354945c78c
    Added Reference https://git.kernel.org/stable/c/7c1f23ad34fcdace50275a6aa1e1969b41c6233f
    Added Reference https://git.kernel.org/stable/c/a91c34357afcfaa5307e254f22a8452550a07b34
    Added Reference https://git.kernel.org/stable/c/d20db3c58a7f9361e370a7850ceb60dbdf62eea3
    Added Reference https://git.kernel.org/stable/c/d3dcdb43c872a3b967345144151a2c9bb9124c9b
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.