CVE-2023-53356

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53356
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53356.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53356
Published
2025-09-17T14:56:46.113Z
Modified
2025-11-28T02:34:30.431768Z
Summary
usb: gadget: u_serial: Add null pointer check in gserial_suspend
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_serial: Add null pointer check in gserial_suspend

Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards, it will lead to accessing of gser->ioport and thus causing null pointer dereference.

Avoid this by adding a null pointer check. Added a static spinlock to prevent gser->ioport from becoming null after the newly added null pointer check.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53356.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aba3a8d01d623a5efef48ab8e78752d58d4c90c3
Fixed
2788a3553f7497075653210b42e2aeb6ba95e28e
Fixed
a8ea7ed644cbf6314b5b0136b5398754b549fb8f
Fixed
e60a827ac074ce6bd58305fe5a86afab5fce6a04
Fixed
374447e3367767156405bedd230c5d391f4b7962
Fixed
2f6ecb89fe8feb2b60a53325b0eeb9866d88909a

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.8.0
Fixed
5.10.188
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.121
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.39
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.4