{ "threat_severity" : "Low", "public_date" : "2025-10-07T00:00:00Z", "bugzilla" : { "description" : "kernel: OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()", "id" : "2402206", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402206" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nOPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()\n\"opp\" pointer is dereferenced before the IS_ERR_OR_NULL() check. Fix it by\nremoving the dereference to cache opp_table and dereference it directly\nwhere opp_table is used.\nThis fixes the following smatch warning:\ndrivers/opp/core.c:232 dev_pm_opp_get_required_pstate() warn: variable\ndereferenced before IS_ERR check 'opp' (see line 230)", "A NULL pointer dereference flaw was found in the Linux kernel's OPP (Operating Performance Points) framework in the power state retrieval logic. \nA local user can trigger this issue by invoking power management operations when the OPP pointer is dereferenced to cache the opp_table before checking whether the pointer is valid. This causes the kernel to dereference a NULL or error pointer, resulting in a kernel crash and denial of service." ], "statement" : "The dev_pm_opp_get_required_pstate function attempts to optimize by caching opp->opp_table in a local variable before validating that the opp pointer is non-NULL or not an error value. When the opp pointer is NULL or contains an error code, the dereference on line 230 occurs before the IS_ERR_OR_NULL check on line 232. This violates the principle of checking pointer validity before use and causes an immediate kernel crash when the function is called with invalid input. The issue can occur during power management operations on devices that use the OPP framework for dynamic voltage and frequency scaling.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53664\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53664\nhttps://lore.kernel.org/linux-cve-announce/2025100703-CVE-2023-53664-a38d@gregkh/T" ], "name" : "CVE-2023-53664", "csaw" : false }