CVE-2023-53310

In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where fuel_gauge_external_power_changed() may get called while info->bat has not been set yet leading to a NULL pointer dereference. Fixing this is easy. The external_power_changed callback gets passed the power_supply which will eventually get stored in info->bat, so fuel_gauge_external_power_changed() can simply directly use the passed in psy argument which is always valid.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c	Patch
https://git.kernel.org/stable/c/a636c6ba9ce898207f283271cb28511206ab739b	Patch
https://git.kernel.org/stable/c/f8319774d6f1567d6e7d03653174ab0c82c5c66d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc3::::::

History

No history.

Information

Published : 2025-09-16 17:15

Updated : 2026-01-14 19:16

NVD link : CVE-2023-53310

Mitre link : CVE-2023-53310

CVE.ORG link : CVE-2023-53310

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2023-53310", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2025-09-16T17:15:36.847", "references": [{"url": "https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a636c6ba9ce898207f283271cb28511206ab739b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f8319774d6f1567d6e7d03653174ab0c82c5c66d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: axp288_fuel_gauge: Fix external_power_changed race\n\nfuel_gauge_external_power_changed() dereferences info->bat,\nwhich gets sets in axp288_fuel_gauge_probe() like this:\n\n info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg);\n\nAs soon as devm_power_supply_register() has called device_add()\nthe external_power_changed callback can get called. So there is a window\nwhere fuel_gauge_external_power_changed() may get called while\ninfo->bat has not been set yet leading to a NULL pointer dereference.\n\nFixing this is easy. The external_power_changed callback gets passed\nthe power_supply which will eventually get stored in info->bat,\nso fuel_gauge_external_power_changed() can simply directly use\nthe passed in psy argument which is always valid."}], "lastModified": "2026-01-14T19:16:24.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96ED2287-2842-4A17-B79A-9F1F111B827C", "versionEndExcluding": "6.1.31", "versionStartIncluding": "5.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34DD94CA-4DA1-41C3-9A9B-92ACD7F4E240", "versionEndExcluding": "6.3.5", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}