CVE-2023-53658

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the bcm-qspi driver. If neither a "hif mspi" nor "mspi" resource is present, the driver exits probe prematurely but still indicates success. This leads to a potential null pointer dereference during removal, specifically when platform get drvdata() returns NULL and is subsequently dereferenced during unregistration of the SPI master. The issue is addressed by unconditionally calling devm ioremap resource(), which can handle a NULL resource and return an appropriate error pointer. The initial incorrect return value was a result of a previous fix that did not introduce the issue but made it more apparent.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.