DEBIAN-CVE-2023-53362

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-53362

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53362.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53362

Upstream

CVE-2023-53362

Published

2025-09-17T15:15:40Z

Modified

2025-09-19T07:33:42.443241Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: don't assume child devices are all fsl-mc devices Changes in VFIO caused a pseudo-device to be created as child of fsl-mc devices causing a crash [1] when trying to bind a fsl-mc device to VFIO. Fix this by checking the device type when enumerating fsl-mc child devices. [1] Modules linked in: Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP CPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2 Hardware name: NXP Layerscape LX2160ARDB (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mcsendcommand+0x24/0x1f0 lr : dprcgetobjregion+0xfc/0x1c0 sp : ffff80000a88b900 x29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2 x26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000 x23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000 x20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001 x17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff x14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386 x11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012 x8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8 x2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80 Call trace: mcsendcommand+0x24/0x1f0 dprcgetobjregion+0xfc/0x1c0 fslmcdeviceadd+0x340/0x590 fslmcobjdeviceadd+0xd0/0xf8 dprcscanobjects+0x1c4/0x340 dprcscancontainer+0x38/0x60 vfiofslmcprobe+0x9c/0xf8 fslmcdriverprobe+0x24/0x70 reallyprobe+0xbc/0x2a8 _driverprobedevice+0x78/0xe0 devicedriverattach+0x30/0x68 bindstore+0xa8/0x130 drvattrstore+0x24/0x38 sysfskfwrite+0x44/0x60 kernfsfopwriteiter+0x128/0x1b8 vfswrite+0x334/0x448 ksyswrite+0x68/0xf0 _arm64syswrite+0x1c/0x28 invokesyscall+0x44/0x108 el0svccommon.constprop.1+0x94/0xf8 doel0svc+0x38/0xb0 el0svc+0x20/0x50 el0t64synchandler+0x98/0xc0 el0t64_sync+0x174/0x178 Code: aa0103f4 a9025bf5 d5384100 b9400801 (79401260) ---[ end trace 0000000000000000 ]---

References

https://security-tracker.debian.org/tracker/CVE-2023-53362

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.52-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}