Home

Description

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call of_changeset_init() early When of_overlay_fdt_apply() fails, the changeset may be partially applied, and the caller is still expected to call of_overlay_remove() to clean up this partial state. However, of_overlay_apply() calls of_resolve_phandles() before init_overlay_changeset(). Hence if the overlay fails to apply due to an unresolved symbol, the overlay_changeset.cset.entries list is still uninitialized, and cleanup will crash with a NULL-pointer dereference in overlay_removal_is_ok(). Fix this by moving the call to of_changeset_init() from init_overlay_changeset() to of_overlay_fdt_apply(), where all other early initialization is done.

PUBLISHED Reserved 2025-12-09 | Published 2025-12-09 | Updated 2025-12-09 | Assigner Linux

Product status

Default status
unaffected

f948d6d8b792bb90041edc12eac35faf83030994 (git) before 01bb96ad38089f5cc6de7746dac13437d35eb1dc
affected

f948d6d8b792bb90041edc12eac35faf83030994 (git) before 3fb210cd521c9efcb211e9f5ce40fc907200bf13
affected

f948d6d8b792bb90041edc12eac35faf83030994 (git) before be86241bf5d1efd16d8a7231c13b33459c5d755d
affected

f948d6d8b792bb90041edc12eac35faf83030994 (git) before c403c81b577a67fe9ec6a2e89d143256487be50f
affected

f948d6d8b792bb90041edc12eac35faf83030994 (git) before a9515ff4fb142b690a0d2b58782b15903b990dba
affected

Default status
affected

4.15
affected

Any version before 4.15
unaffected

5.15.132 (semver)
unaffected

6.1.53 (semver)
unaffected

6.4.16 (semver)
unaffected

6.5.3 (semver)
unaffected

6.6 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/01bb96ad38089f5cc6de7746dac13437d35eb1dc

git.kernel.org/...c/3fb210cd521c9efcb211e9f5ce40fc907200bf13

git.kernel.org/...c/be86241bf5d1efd16d8a7231c13b33459c5d755d

git.kernel.org/...c/c403c81b577a67fe9ec6a2e89d143256487be50f

git.kernel.org/...c/a9515ff4fb142b690a0d2b58782b15903b990dba

cve.org (CVE-2023-53856)

nvd.nist.gov (CVE-2023-53856)

Download JSON