CVE-2023-53758 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-53758 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() An early error exit in atmel_qspi_remove() doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped register space (because devm_ioremap_resource() is undone). So using the remaining spi controller probably results in an oops. Instead unregister the controller unconditionally and only skip hardware access and clk disable. Also add a warning about resume failing and return zero unconditionally. The latter has the only effect to suppress a less helpful error message by the spi core.

EPSS 0.03% · 7.2th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.03%

7.2th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.0, 6.0, 6.0
Linux	Linux	6.0, 0, 6.1.28

Timeline

Dec 8, 2025 EPSS Score
Dec 8, 2025 CVE Published
Dec 8, 2025 PoC Published
Dec 12, 2025 EPSS Score
Dec 15, 2025 EPSS Score
Dec 19, 2025 EPSS Score
Dec 23, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 30, 2025 EPSS Score
Jan 3, 2026 EPSS Score
Jan 7, 2026 EPSS Score
Jan 10, 2026 EPSS Score

References

Open in Interactive Console →