CVE-2023-53515
Description
In the Linux kernel, the following vulnerability has been resolved:
virtio-mmio: don't break lifecycle of vm_dev
vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct.
Allocating the vm_dev struct with devres totally breaks this protection, though. Instead of waiting for the vm_dev release callback, the memory is freed when the platform_device is removed. Resulting in a use-after-free when finally the callback is to be called.
To easily see the problem, compile the kernel with CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.
The fix is easy, don't use devres in this case.
Found during my research about object lifetime problems.
Affected products
15cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.15.1,<4.19.293
- cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc8:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.15:rc9:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*
Patches
797a2d55ead76b788ad3b24683ff54d904faf5b7d5c2dd664af5818c351732dcb368fe5a855c91fedd03dVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
News mentions
0No linked articles in our index yet.