CVE-2023-53098: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: media: rc: gpio-ir-recv: add remove function In case runtime PM is enabled, do runtime PM clean up to remove cpu latency qos request, otherwise driver removal may have below kernel dump: [ 19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 19.472161] Mem abort info: [ 19.474985] ESR = 0x0000000096000004 [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.484081] SET = 0, FnV = 0 [ 19.487149] EA = 0, S1PTW = 0 [ 19.490361] FSC = 0x04: level 0 translation fault [ 19.495256] Data abort info: [ 19.498149] ISV = 0, ISS = 0x00000004 [ 19.501997] CM = 0, WnR = 0 [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2023-53098 is a vulnerability identified in the Linux kernel specifically related to the gpio-ir-recv driver, which is part of the media subsystem handling remote control infrared (IR) receivers. The issue arises when runtime power management (PM) is enabled. The vulnerability is due to the absence of proper cleanup during driver removal, particularly the failure to remove CPU latency QoS (Quality of Service) requests. This improper cleanup can lead to a NULL pointer dereference in the kernel, causing a kernel oops and system crash. The detailed kernel logs indicate that the fault occurs at the function cpu_latency_qos_remove_request, triggered during the runtime suspend sequence of the gpio_ir_recv driver. The problem manifests as a level 0 translation fault due to dereferencing a NULL pointer, which results in a kernel panic or crash. This vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and potentially other versions with similar driver implementations. The vulnerability is triggered during driver removal or runtime suspend operations when runtime PM is enabled, which is common in embedded and mobile devices to save power. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability is technical in nature and requires kernel-level access to exploit, typically during module insertion or removal. It does not appear to be remotely exploitable or to allow privilege escalation directly but can cause denial of service through system crashes.
Potential Impact
For European organizations, the impact of CVE-2023-53098 primarily concerns systems running Linux kernels with the affected gpio-ir-recv driver and runtime PM enabled. This includes embedded systems, IoT devices, industrial control systems, and specialized hardware platforms that rely on Linux for media and remote control functionalities. A successful exploitation leads to kernel crashes and system downtime, resulting in denial of service (DoS). In critical infrastructure sectors such as manufacturing, transportation, and telecommunications, where embedded Linux devices are prevalent, this could disrupt operations and cause service outages. Although the vulnerability does not directly lead to data breaches or privilege escalation, the resulting instability can impact system availability and reliability. European organizations deploying Linux-based devices in operational technology (OT) environments or using Linux kernels with runtime PM enabled should be particularly cautious. The lack of remote exploitability limits the threat to local or administrative users, but insider threats or compromised systems could trigger the vulnerability to cause disruption. The absence of known exploits reduces immediate risk but does not eliminate the need for timely patching to maintain system stability and security.
Mitigation Recommendations
To mitigate CVE-2023-53098, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring that the gpio-ir-recv driver properly removes CPU latency QoS requests during runtime PM cleanup. 2) Audit and monitor systems that use runtime PM with the gpio-ir-recv driver enabled, especially embedded and IoT devices, to identify any abnormal kernel crashes or oops messages related to gpio_ir_recv. 3) Where patching is not immediately feasible, consider disabling runtime PM for the gpio-ir-recv driver as a temporary workaround to prevent the faulty cleanup path from being executed. 4) Limit administrative access to systems running vulnerable kernels to reduce the risk of local exploitation or accidental triggering of the vulnerability. 5) Implement robust system monitoring and alerting for kernel panics and crashes to enable rapid response and remediation. 6) For embedded device manufacturers and integrators, ensure that device firmware and kernel versions are updated and tested to include this fix before deployment. 7) Engage with Linux distribution maintainers and vendors to confirm that security updates addressing this vulnerability are included in official releases and backports for long-term support kernels commonly used in European enterprises.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland, Belgium
CVE-2023-53098: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: media: rc: gpio-ir-recv: add remove function In case runtime PM is enabled, do runtime PM clean up to remove cpu latency qos request, otherwise driver removal may have below kernel dump: [ 19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 19.472161] Mem abort info: [ 19.474985] ESR = 0x0000000096000004 [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.484081] SET = 0, FnV = 0 [ 19.487149] EA = 0, S1PTW = 0 [ 19.490361] FSC = 0x04: level 0 translation fault [ 19.495256] Data abort info: [ 19.498149] ISV = 0, ISS = 0x00000004 [ 19.501997] CM = 0, WnR = 0 [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ end trace 0000000000000000 ]---
AI-Powered Analysis
Technical Analysis
CVE-2023-53098 is a vulnerability identified in the Linux kernel specifically related to the gpio-ir-recv driver, which is part of the media subsystem handling remote control infrared (IR) receivers. The issue arises when runtime power management (PM) is enabled. The vulnerability is due to the absence of proper cleanup during driver removal, particularly the failure to remove CPU latency QoS (Quality of Service) requests. This improper cleanup can lead to a NULL pointer dereference in the kernel, causing a kernel oops and system crash. The detailed kernel logs indicate that the fault occurs at the function cpu_latency_qos_remove_request, triggered during the runtime suspend sequence of the gpio_ir_recv driver. The problem manifests as a level 0 translation fault due to dereferencing a NULL pointer, which results in a kernel panic or crash. This vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and potentially other versions with similar driver implementations. The vulnerability is triggered during driver removal or runtime suspend operations when runtime PM is enabled, which is common in embedded and mobile devices to save power. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability is technical in nature and requires kernel-level access to exploit, typically during module insertion or removal. It does not appear to be remotely exploitable or to allow privilege escalation directly but can cause denial of service through system crashes.
Potential Impact
For European organizations, the impact of CVE-2023-53098 primarily concerns systems running Linux kernels with the affected gpio-ir-recv driver and runtime PM enabled. This includes embedded systems, IoT devices, industrial control systems, and specialized hardware platforms that rely on Linux for media and remote control functionalities. A successful exploitation leads to kernel crashes and system downtime, resulting in denial of service (DoS). In critical infrastructure sectors such as manufacturing, transportation, and telecommunications, where embedded Linux devices are prevalent, this could disrupt operations and cause service outages. Although the vulnerability does not directly lead to data breaches or privilege escalation, the resulting instability can impact system availability and reliability. European organizations deploying Linux-based devices in operational technology (OT) environments or using Linux kernels with runtime PM enabled should be particularly cautious. The lack of remote exploitability limits the threat to local or administrative users, but insider threats or compromised systems could trigger the vulnerability to cause disruption. The absence of known exploits reduces immediate risk but does not eliminate the need for timely patching to maintain system stability and security.
Mitigation Recommendations
To mitigate CVE-2023-53098, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring that the gpio-ir-recv driver properly removes CPU latency QoS requests during runtime PM cleanup. 2) Audit and monitor systems that use runtime PM with the gpio-ir-recv driver enabled, especially embedded and IoT devices, to identify any abnormal kernel crashes or oops messages related to gpio_ir_recv. 3) Where patching is not immediately feasible, consider disabling runtime PM for the gpio-ir-recv driver as a temporary workaround to prevent the faulty cleanup path from being executed. 4) Limit administrative access to systems running vulnerable kernels to reduce the risk of local exploitation or accidental triggering of the vulnerability. 5) Implement robust system monitoring and alerting for kernel panics and crashes to enable rapid response and remediation. 6) For embedded device manufacturers and integrators, ensure that device firmware and kernel versions are updated and tested to include this fix before deployment. 7) Engage with Linux distribution maintainers and vendors to confirm that security updates addressing this vulnerability are included in official releases and backports for long-term support kernels commonly used in European enterprises.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-05-02T15:51:43.552Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe6fa1
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 4:13:32 AM
Last updated: 8/8/2025, 4:16:12 PM
Views: 12
Related Threats
CVE-2025-7679: CWE-306 Missing Authentication for Critical Function in ABB Aspect
HighCVE-2025-7677: CWE-306 Missing Authentication for Critical Function in ABB Aspect
MediumCVE-2025-53191: CWE-306 Missing Authentication for Critical Function in ABB Aspect
HighCVE-2025-53190: CWE-286 in ABB Aspect
HighCVE-2025-53189: CWE-639 Authorization Bypass Through User-Controlled Key in ABB Aspect
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.