CVE-2023-54027

CVSS v2.0

4.3

Medium

Vector

AV:A/AC:H/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's IIO core that can lead to an invalid memory access when a device lacks a parent. A commit intended to improve label retrieval during device registration inadvertently introduced this issue. Specifically, when creating a new entry in configfs with the IIO dummy driver, a NULL pointer dereference occurs if the device has no parent. This results in a kernel BUG. The issue arises from accessing a NULL pointer within the iio device register function during the device registration process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-01138

CVE-2023-54027

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

CVE-2023-54027

Weakness Enumeration

Related Identifiers

Affected Products

References · 1459