CVE-2023-53750

The vulnerability resides in the Freescale pinctrl driver (pinctrl: freescale) in the Linux kernel. When a pad wakeup configuration is passed with num_configs set to 1, the code incorrectly attempts to fetch configs[1], which is out of bounds for a single-element array. This leads to a memory out-of-bounds read condition that can be detected by KASAN [1].

Exploitation requires the ability to trigger a pad wakeup configuration with num_configs equal to 1. An attacker with local access or the ability to influence the pinctrl configuration could cause the driver to read beyond the allocated buffer, potentially leaking sensitive kernel memory or causing a crash. The root cause is a logic error: the code should only access configs[1] when num_configs is 2 or greater, but the check allows the out-of-bounds read when num_configs == 1 [1].

The impact includes a possible kernel panic or denial of service, as the out-of-bounds read may trigger a crash. In environments where KASAN is enabled, it directly detects the violation, but even without it, undefined behavior can lead to exploitable conditions. No privilege escalation is directly described, but depending on memory layout, an attacker might infer sensitive data.

The fix was applied in the mainline Linux kernel repository via commit 27d9a7585b59. Users should update to a kernel version containing this patch. The vulnerability does not affect the default configuration; it occurs only when specific pinctrl wakeup settings are used [1]. No workaround is documented beyond applying the kernel update.