CVE-2023-53807
Description
In the Linux kernel, the following vulnerability has been resolved:
clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
Smatch detected this potential error pointer dereference in clk_wzrd_register_divider(). If devm_clk_hw_register() fails then it sets "hw" to an error pointer and then dereferences it on the next line. Return the error directly instead.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An error-pointer dereference in the Linux kernel's clocking-wizard driver can crash the system.
Root Cause
The vulnerability is a dereference of an error pointer in the clk_wzrd_register_divider() function of the Linux kernel's clocking-wizard driver. Smatch static analysis identified that if devm_clk_hw_register() fails, the returned pointer hw is an error pointer, but the code immediately dereferences it without checking for an error, leading to an Oops (kernel crash) [1][2].
Exploitation
An attacker would need to be able to trigger a failure of devm_clk_hw_register(). This could be achieved by exhausting memory or causing a transient hardware failure in a system that uses the clocking-wizard driver. No special privileges are explicitly required; the vulnerability can be triggered during normal driver probe on affected hardware.
Impact
Successful exploitation leads to a kernel panic (denial of service) due to dereferencing an invalid pointer. The system crashes, requiring a reboot. There is no indication of privilege escalation or data corruption beyond the crash itself [1][2].
Mitigation
The fix has been applied to the mainline Linux kernel and stable branches. It simply returns the error pointer directly instead of dereferencing it. Users should update to a kernel version containing this commit (e.g., commit f078a65ebf93 or 25dbdfb7b71e) [1][2].
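The pattern and its fix, modelled in userspace C as an added example (this is not the kernel's code or the patch itself). The struct layouts, `stub_clk_hw_register()` and the two `register_divider_*` functions are assumptions made for illustration; `ERR_PTR`, `PTR_ERR` and `IS_ERR` mirror the kernel helpers of the same names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's error-pointer helpers (linux/err.h). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Simplified stand-ins for the kernel types (assumed layout). */
struct clk { int id; };
struct clk_hw { struct clk *clk; };

/* Hypothetical stub for devm_clk_hw_register(): returns 0 or a negative errno. */
static int stub_clk_hw_register(struct clk_hw *hw, struct clk *clk, int fail)
{
	if (!fail)
		hw->clk = clk;
	return fail ? -ENOMEM : 0;
}

/* Pattern from the description: hw becomes an error pointer, then is dereferenced. */
struct clk *register_divider_buggy(struct clk_hw *hw, struct clk *clk, int fail)
{
	int ret = stub_clk_hw_register(hw, clk, fail);
	if (ret)
		hw = ERR_PTR(ret);
	return hw->clk;	/* on failure this loads from address -ENOMEM: Oops */
}

/* Fixed pattern: return the error directly so the caller can test IS_ERR(). */
struct clk *register_divider_fixed(struct clk_hw *hw, struct clk *clk, int fail)
{
	int ret = stub_clk_hw_register(hw, clk, fail);
	if (ret)
		return ERR_PTR(ret);
	return hw->clk;
}

int main(void)
{
	struct clk c = { .id = 1 };
	struct clk_hw hw = { 0 };
	struct clk *r = register_divider_fixed(&hw, &c, 1);	/* forced failure */
	if (IS_ERR(r))
		printf("probe fails cleanly with error %ld\n", PTR_ERR(r));
	return 0;
}
```

`register_divider_buggy()` is shown for contrast only and is never called; calling it with `fail` set would fault the process in the same way the kernel Oopses.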
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (5)
- 2f276dd9c0f8
- b35cb0c05b8d
- 25dbdfb7b71e
- f078a65ebf93
- 9c632a639650
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (5)
- git.kernel.org/stable/c/25dbdfb7b71ef8601d00c6d9a2b1a96de28b30c5 (nvd)
- git.kernel.org/stable/c/2f276dd9c0f835242836d9f6823035158ce2585c (nvd)
- git.kernel.org/stable/c/9c632a6396505a019ea6d12b5ab45e659a542a93 (nvd)
- git.kernel.org/stable/c/b35cb0c05b8dafe23ae5e8b605a91b88bcf4aba7 (nvd)
- git.kernel.org/stable/c/f078a65ebf930f4305e3c415a8338d22391642c9 (nvd)