CVE-2023-54059

Root

Cause

The Mediatek Smart Voltage Scaling (SVS) driver in the Linux kernel enables its interrupt handler before the necessary data structures are fully initialised. When the system is booted via kexec() (not from a full reset), the hardware peripheral may already be active and trigger an IRQ immediately upon registration. Because the driver's internal state is still being set up, the interrupt service routine svs_isr dereferences a NULL pointer, leading to a kernel panic [1].

Attack

Vector

This vulnerability is triggered during a specific boot path — kexec-based boot — and does not require any special privileges or network access. An attacker who can control the kernel image loaded via kexec could deliberately cause the crash. However, in normal operation, the bug manifests as a reliability issue rather than a remotely exploitable flaw.

Impact

The NULL pointer dereference results in an immediate kernel panic (Unable to handle kernel NULL pointer dereference), causing a denial of service (system crash) at boot time. No privilege escalation or data leakage is described in the advisory [1].

Mitigation

The fix, applied in the Linux kernel stable tree, moves the interrupt enabling to after the SVS data structures are fully initialised, ensuring the handler never sees incomplete state [1]. Users running kernels prior to this patch – especially on systems using kexec – are vulnerable to boot-time crashes.