Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2023-54118— serial: sc16is7xx: setup GPIO controller later in probe

AI Predicted 5.5 Difficulty: Moderate EPSS 0.02% · P7

Affected Version Matrix 12

VendorProductVersion RangeStatus
LinuxLinuxdfeae619d781dee61666d5551b93ba3be755a86b< 17b96b5c19bec791b433890549e44ca523dc82aaaffected
dfeae619d781dee61666d5551b93ba3be755a86b< 49b326ce8a686428d8cbb82ed74fc88ed3f95a51affected
dfeae619d781dee61666d5551b93ba3be755a86b< f57c2164d082a36d177ab7fbf54c18970df89c22affected
dfeae619d781dee61666d5551b93ba3be755a86b< b71ff206707855ce73c04794c76f7b678b2d4f72affected
dfeae619d781dee61666d5551b93ba3be755a86b< c8f71b49ee4d28930c4a6798d1969fa91dc4ef3eaffected
3.16affected
< 3.16unaffected
5.10.173≤ 5.10.*unaffected
… +4 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-54118

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
serial: sc16is7xx: setup GPIO controller later in probe
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx] ... Call trace: sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] gpiod_direction_output_raw_commit+0x64/0x318 gpiod_direction_output+0xb0/0x170 create_gpio_led+0xec/0x198 gpio_led_probe+0x16c/0x4f0 platform_drv_probe+0x5c/0xb0 really_probe+0xe8/0x448 driver_probe_device+0xe8/0x138 __device_attach_driver+0x94/0x118 bus_for_each_drv+0x8c/0xe0 __device_attach+0x100/0x1b8 device_initial_probe+0x28/0x38 bus_probe_device+0xa4/0xb0 deferred_probe_work_func+0x90/0xe0 process_one_work+0x1c4/0x480 worker_thread+0x54/0x430 kthread+0x138/0x150 ret_from_fork+0x10/0x1c This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于GPIO控制器初始化过早,可能导致竞争条件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux dfeae619d781dee61666d5551b93ba3be755a86b ~ 17b96b5c19bec791b433890549e44ca523dc82aa -
LinuxLinux 3.16 -

II. Public POCs for CVE-2023-54118

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-54118

登录查看更多情报信息。

Other References for CVE-2023-54118 (3)

Same Patch Batch · Linux · 2025-12-24 · 322 CVEs total

CVE-2022-50753f2fs: fix to do sanity check on summary info
CVE-2022-50764ipv6/sit: use DEV_STATS_INC() to avoid data-races
CVE-2022-50763crypto: marvell/octeontx - prevent integer overflows
CVE-2022-50762fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst()
CVE-2022-50760drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
CVE-2022-50761x86/xen: Fix memory leak in xen_init_lock_cpu()
CVE-2022-50759media: i2c: ov5648: Free V4L2 fwnode data on unbind
CVE-2022-50758staging: vt6655: fix potential memory leak
CVE-2022-50756nvme-pci: fix mempool alloc size
CVE-2022-50757media: camss: Clean up received buffers on failed start of streaming
CVE-2022-50755udf: Avoid double brelse() in udf_rename()
CVE-2022-50750drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
CVE-2022-50745staging: media: tegra-video: fix device_node use after free
CVE-2022-50746erofs: validate the extent length for uncompressed pclusters
CVE-2022-50747hfs: Fix OOB Write in hfs_asc2mac
CVE-2022-50748ipc: mqueue: fix possible memory leak in init_mqueue_fs()
CVE-2022-50751configfs: fix possible memory leak in configfs_create_dir()
CVE-2022-50754apparmor: fix a memleak in multi_transaction_new()
CVE-2022-50752md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
CVE-2022-50765RISC-V: kexec: Fix memory leak of elf header buffer

Showing top 20 of 322 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2023-54118

No comments yet

Leave a comment