VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54249

Description

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: ep: Only send -ENOTCONN status if client driver is available

For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the Linux kernel's MHI endpoint driver could occur when processing STOP/RESET commands without a client driver.

Root Cause

In the Linux kernel's MHI (Modem Host Interface) endpoint driver, a flaw exists in the handling of STOP and RESET channel commands. The vulnerability arises because the driver unconditionally attempts to send the -ENOTCONN status to the client driver, even when that client driver is not present or available. This leads to a null pointer dereference.
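A minimal user-space C model of the guard described above, added here as an illustration and not taken from the kernel source or the fix commit. The struct, callback and function names are hypothetical; the point is that the disconnect status is delivered only when a client callback is actually bound.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
enum chan_cmd { CMD_START, CMD_STOP, CMD_RESET };

struct xfer_result { int status; size_t bytes; };

struct channel {
    int running;
    /* Set only while a client driver is bound; NULL otherwise. */
    void (*xfer_cb)(struct channel *ch, const struct xfer_result *res);
    int last_status;   /* recorded by the sample client below */
    int notified;      /* how many times the client was called */
};

/* Sample client driver callback (constructed for this example). */
static void client_cb(struct channel *ch, const struct xfer_result *res)
{
    ch->last_status = res->status;
    ch->notified++;
}

/* Returns 0 on success, -EINVAL for a command this model does not handle. */
static int handle_chan_cmd(struct channel *ch, enum chan_cmd cmd)
{
    struct xfer_result res = { .status = -ENOTCONN, .bytes = 0 };

    switch (cmd) {
    case CMD_STOP:
    case CMD_RESET:
        /* Guard: without it, an unbound channel means a call through NULL. */
        if (ch->xfer_cb)
            ch->xfer_cb(ch, &res);
        ch->running = 0;
        return 0;
    default:
        return -EINVAL;
    }
}

int main(void)
{
    struct channel bound = { .running = 1, .xfer_cb = client_cb };
    struct channel unbound = { .running = 1, .xfer_cb = NULL };

    handle_chan_cmd(&bound, CMD_STOP);
    handle_chan_cmd(&unbound, CMD_RESET);
    printf("bound: status=%d notified=%d; unbound: notified=%d\n",
           bound.last_status, bound.notified, unbound.notified);
    return 0;
}
```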

Exploitation

An attacker with the ability to send crafted MHI commands to the endpoint could trigger the STOP or RESET command path when no client driver is bound. The prerequisite is access to the MHI bus communication, which may require local access or a compromised component that can issue MHI commands.

Impact

Successful exploitation causes a kernel NULL pointer dereference, resulting in a denial of service (system crash or panic). No privilege escalation or data leakage is described in the source.

Mitigation

The fix was applied in the Linux kernel stable tree via commit [1] and is included in updated kernel releases. Users should apply the latest stable kernel updates to remediate the vulnerability. No workaround is mentioned in the reference.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3

References

3
