CVE-2023-54087

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s UBI (Unsorted Block Images) module where a null pointer dereference can occur within the ubi free volume() function. This issue arises during device deletion when a device has not been fully added, leading to a null pointer being accessed. The problem stems from the ubi add volume() function potentially failing during device addition, and subsequent calls to kill volumes() attempting to delete devices that were never properly registered. The issue is triggered when cdev add() fails within ubi add volume(), leading to a call to kill volumes(), which then attempts to delete a device in ubi free volume() that was not added. The fix involves handling error cases within ubi add volume() to ensure that volumes are set to null if addition fails, preventing access in kill volumes().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.