CVE-2023-53362

Source
https://cve.org/CVERecord?id=CVE-2023-53362
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53362.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53362
Published
2025-09-17T14:56:51.728Z
Modified
2026-03-20T12:33:06.690677Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
bus: fsl-mc: don't assume child devices are all fsl-mc devices
Details

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: don't assume child devices are all fsl-mc devices

Changes in VFIO caused a pseudo-device to be created as child of fsl-mc devices causing a crash [1] when trying to bind a fsl-mc device to VFIO. Fix this by checking the device type when enumerating fsl-mc child devices.

[1]
Modules linked in:
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
CPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2
Hardware name: NXP Layerscape LX2160ARDB (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mcsendcommand+0x24/0x1f0
lr : dprcgetobjregion+0xfc/0x1c0
sp : ffff80000a88b900
x29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2
x26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000
x23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000
x20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001
x17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff
x14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386
x11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012
x8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8
x2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80
Call trace:
 mcsendcommand+0x24/0x1f0
 dprcgetobjregion+0xfc/0x1c0
 fslmcdeviceadd+0x340/0x590
 fslmcobjdeviceadd+0xd0/0xf8
 dprcscanobjects+0x1c4/0x340
 dprcscancontainer+0x38/0x60
 vfiofslmcprobe+0x9c/0xf8
 fslmcdriverprobe+0x24/0x70
 reallyprobe+0xbc/0x2a8
 __driverprobedevice+0x78/0xe0
 devicedriverattach+0x30/0x68
 bindstore+0xa8/0x130
 drvattrstore+0x24/0x38
 sysfskfwrite+0x44/0x60
 kernfsfopwriteiter+0x128/0x1b8
 vfswrite+0x334/0x448
 ksyswrite+0x68/0xf0
 _arm64syswrite+0x1c/0x28
 invokesyscall+0x44/0x108
 el0svccommon.constprop.1+0x94/0xf8
 doel0svc+0x38/0xb0
 el0svc+0x20/0x50
 el0t64synchandler+0x98/0xc0
 el0t64sync+0x174/0x178
Code: aa0103f4 a9025bf5 d5384100 b9400801 (79401260)
---[ end trace 0000000000000000 ]---

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53362.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3c28a76124b25882411f005924be73795b6ef078
Fixed
5bd9dc3e767edf582be483be8d6bbc7433bd4cf8
Fixed
8bdd5c21ec02835bd445d022f4c23195aff407d2
Fixed
303c9c63abb9390e906052863f82bb4e9824e5c0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53362.json"