Vulnerability Database

319,897

Total vulnerabilities in the database

CVE-2023-53515

In the Linux kernel, the following vulnerability has been resolved:

virtio-mmio: don't break lifecycle of vm_dev

vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct.

Allocating the vm_dev struct with devres totally breaks this protection, though. Instead of waiting for the vm_dev release callback, the memory is freed when the platform_device is removed. Resulting in a use-after-free when finally the callback is to be called.

To easily see the problem, compile the kernel with CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.

The fix is easy, don't use devres in this case.

Found during my research about object lifetime problems.

  • Published: Oct 1, 2025
  • Updated: Jan 27, 2026
  • CVE: CVE-2023-53515
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.15.1 4.19.293
linux / linux_kernel 4.20 5.4.255
linux / linux_kernel 5.5 5.10.192
linux / linux_kernel 5.11 5.15.128
linux / linux_kernel 5.16 6.1.47
linux / linux_kernel 6.2 6.4.12
linux / linux_kernel 4.15 4.15.x
linux / linux_kernel 4.15-rc3 4.15-rc3.x
linux / linux_kernel 4.15-rc4 4.15-rc4.x
linux / linux_kernel 4.15-rc5 4.15-rc5.x
linux / linux_kernel 4.15-rc6 4.15-rc6.x
linux / linux_kernel 4.15-rc7 4.15-rc7.x
linux / linux_kernel 4.15-rc8 4.15-rc8.x
linux / linux_kernel 4.15-rc9 4.15-rc9.x
linux / linux_kernel 6.5-rc1 6.5-rc1.x
linux / linux_kernel 6.5-rc2 6.5-rc2.x
linux / linux_kernel 6.5-rc3 6.5-rc3.x
linux / linux_kernel 6.5-rc4 6.5-rc4.x
linux / linux_kernel 6.5-rc5 6.5-rc5.x
linux / linux_kernel 6.5-rc6 6.5-rc6.x