Description

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws() KASAN and KFENCE detected an user-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in cxl_parse_cfmws (drivers/cxl/acpi.c:299) This happens in cxl_parse_cfmws(), where put_device() is called, releasing cxld, which is accessed later. Use the local variables in the dev_err() instead of pointing to the released memory. Since the dev_err() is printing a resource, change the open coded print format to use the %pr format specifier.

INFO

Published Date :

2025-10-01T11:42:47.987Z

Last Modified :

2025-10-01T11:42:47.987Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53479 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53479.

URL Resource
https://git.kernel.org/stable/c/316db489647b8ddc381682597e89787eac61a278 cve-icon cve-icon
https://git.kernel.org/stable/c/4cf67d3cc9994a59cf77bb9c0ccf9007fe916afe cve-icon cve-icon
https://git.kernel.org/stable/c/748fadc08bcbdaf573b34d9784bb3dbd87441dbf cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100112-CVE-2023-53479-5c70@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53479 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53479 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact