PT-2025-37888 · Kvm+3

Published: 2025-09-16 · Updated: 2025-09-16 · CVE-2023-53283

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a vulnerability in the xen/virtio subsystem where a NULL dereference can occur within the xen_dt_get_node() function when a bridge of the PCI root bus has no parent. This occurs when running Xen on a QEMU/KVM virtual machine with virtio devices (all x86_64 architectures). The issue arises because the PCI root bus is created from the ACPI description without a parent, leading to a NULL pointer access when attempting to access bus->bridge->parent->of_node.
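
The pointer chain from the description, modelled in user-space C as an added example (not kernel code and not the upstream fix). The struct layouts, root_bus_of(), host_bridge_of_node() and the sample topologies are simplified, hypothetical stand-ins constructed here to show why the bridge's parent must be checked before of_node is read.

```c
#include <stddef.h>

/* Simplified user-space stand-ins for the kernel structures (assumed shapes). */
struct device_node { const char *name; };
struct device {
    struct device *parent;
    struct device_node *of_node;
};
struct pci_bus {
    struct pci_bus *parent;   /* NULL on the root bus */
    struct device *bridge;    /* host bridge device of the root bus */
};

/* Walk up to the root bus, as the lookup has to do for any PCI device. */
static struct pci_bus *root_bus_of(struct pci_bus *bus)
{
    while (bus->parent)
        bus = bus->parent;
    return bus;
}

/* Guarded lookup: node of the host bridge's parent, or NULL when the bridge
 * has no parent (root bus built from ACPI). Without the check,
 * bridge->parent->of_node dereferences NULL. */
static struct device_node *host_bridge_of_node(struct pci_bus *bus)
{
    struct device *bridge = root_bus_of(bus)->bridge;

    if (!bridge || !bridge->parent)
        return NULL;
    return bridge->parent->of_node;
}

/* Constructed sample topologies: one device-tree based, one ACPI based. */
static struct device_node dt_node = { "pcie-host" };
static struct device dt_host = { NULL, &dt_node };
static struct device dt_bridge = { &dt_host, NULL };
static struct pci_bus dt_root = { NULL, &dt_bridge };
static struct pci_bus dt_child = { &dt_root, NULL };

static struct device acpi_bridge = { NULL, NULL };  /* no parent device */
static struct pci_bus acpi_root = { NULL, &acpi_bridge };
static struct pci_bus acpi_child = { &acpi_root, NULL };

int main(void)
{
    return !(host_bridge_of_node(&dt_child) == &dt_node &&
             host_bridge_of_node(&acpi_child) == NULL);
}
```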

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-53283

Affected Products

Kvm
Linux Kernel
Qemu
Xen