CVE-2023-53250: firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
In the Linux kernel, the following vulnerability has been resolved:
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
KASAN reported a null-ptr-deref error:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 1373 Comm: modprobe
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:dmi_sysfs_entry_release
...
Call Trace:
<TASK>
kobject_put
dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs
dmi_decode_table (drivers/firmware/dmi_scan.c:133)
dmi_walk (drivers/firmware/dmi_scan.c:1115)
dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs
do_one_initcall (init/main.c:1296)
...
Kernel panic - not syncing: Fatal exception
Kernel Offset: 0x4000000 from 0xffffffff81000000
---[ end Kernel panic - not syncing: Fatal exception ]---
It is because previous patch added kobject_put() to release the memory
which will call dmi_sysfs_entry_release() and list_del().
However, list_add_tail(entry->list) is called after the error block,
so the list_head is uninitialized and cannot be deleted.
Move error handling to after list_add_tail to fix this.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel availability bug in the DMI sysfs firmware interface. A local user with some privileges could trigger a kernel crash under the vulnerable code path. The main business risk is host outage, not data theft or remote compromise.
Executive priority
Handle through normal kernel patch management, with higher priority for critical shared infrastructure. The issue can crash affected hosts but currently has no provided evidence of active exploitation or remote reachability.
Technical view
The flaw is a NULL pointer dereference in dmi_sysfs_register_handle. Error handling could call kobject_put, reaching dmi_sysfs_entry_release and list_del before the entry list_head was initialized. The kernel fix moves error handling after list_add_tail. CVSS is 5.5: local, low complexity, low privileges, high availability impact.
Likely exposure
Exposure is most relevant on Linux systems running affected kernel builds with dmi-sysfs available. The source bundle lists Linux kernel affected ranges and stable fixes, but distro-specific backports are not identified. Validate using installed kernel package versions and vendor advisories.
Exploitation context
The CVE source marks KEV as false, and the bundle provides no cited evidence of active exploitation. The CVSS vector requires local access and low privileges. Treat this as a denial-of-service risk rather than a remote code execution issue.
Researcher notes
Focus validation on the dmi-sysfs registration error path and affected kernel lineage. The public description identifies the root cause and fix pattern, but the bundle does not provide distro package mapping or exploitation evidence.
Mitigation direction
Update affected Linux kernels to vendor-provided fixed builds.
Prioritize shared, multi-user, and availability-sensitive Linux hosts.
Check Linux distribution advisories for backported fixes.
Restrict unnecessary local shell access where operationally feasible.
Monitor kernel crash reports until patching is complete.
Validation and detection
Inventory Linux kernel versions across servers and images.
Confirm whether dmi-sysfs is present or loaded on relevant systems.
Compare installed kernels with vendor fixed-package advisories.
Review crash logs for NULL dereference or dmi-sysfs traces.
Verify patched hosts boot the expected fixed kernel.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-476: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-476 · source CWE mapping
NULL Pointer Dereference
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.