CVE-2023-54298 - Vulnerability Details

- thermal: intel: quark_dts: fix error pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved:

thermal: intel: quark_dts: fix error pointer dereference

If alloc_soc_dts() fails, then we can just return. Trying to free
"soc_dts" will lead to an Oops.

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`8c1876939663191b5044807230fa295f35462215`	affected	< 0b366c6a42e2e2bc67af8d1130b68f3bfa31c80e
`8c1876939663191b5044807230fa295f35462215`	affected	< d0178f2788fb1183a5cc350213efdc94010b9147
`8c1876939663191b5044807230fa295f35462215`	affected	< e23f1d9e6e03d04da2f18e78ab5d4255ffeb1333
`8c1876939663191b5044807230fa295f35462215`	affected	< f73134231fa23e0856c15010db5f5c03693c1e92
`8c1876939663191b5044807230fa295f35462215`	affected	< 5eaf55b38691291d49417c22e726591078ca1893
`8c1876939663191b5044807230fa295f35462215`	affected	< 69e49f1b53605706bc2203455021539aba2ebe21
`8c1876939663191b5044807230fa295f35462215`	affected	< 24c221b11c2894e1a5f07b93362d9bc91c6d8be7
`8c1876939663191b5044807230fa295f35462215`	affected	< f1b930e740811d416de4d2074da48b6633a672c8

Linux

affected

Version	Status	Constraints
`4.2`	affected	—
`0`	unaffected	< 4.2
`4.14.308`	unaffected	≤ 4.14.*
`4.19.276`	unaffected	≤ 4.19.*
`5.4.235`	unaffected	≤ 5.4.*
`5.10.173`	unaffected	≤ 5.10.*
`5.15.100`	unaffected	≤ 5.15.*
`6.1.18`	unaffected	≤ 6.1.*
`6.2.5`	unaffected	≤ 6.2.*
`6.3`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0b366c6a42e2e2bc67af8d1130b68f3bfa31c80e
https://git.kernel.org/stable/c/24c221b11c2894e1a5f07b93362d9bc91c6d8be7
https://git.kernel.org/stable/c/5eaf55b38691291d49417c22e726591078ca1893
https://git.kernel.org/stable/c/69e49f1b53605706bc2203455021539aba2ebe21
https://git.kernel.org/stable/c/d0178f2788fb1183a5cc350213efdc94010b9147
https://git.kernel.org/stable/c/e23f1d9e6e03d04da2f18e78ab5d4255ffeb1333
https://git.kernel.org/stable/c/f1b930e740811d416de4d2074da48b6633a672c8
https://git.kernel.org/stable/c/f73134231fa23e0856c15010db5f5c03693c1e92
https://lore.kernel.org/linux-cve-announce/2025123031-CVE-2023-54298-d33d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54298
https://www.cve.org/CVERecord?id=CVE-2023-54298

History

Wed, 31 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123031-CVE-2023-54298-d33d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54298 https://www.cve.org/CVERecord?id=CVE-2023-54298
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quark_dts: fix error pointer dereference If alloc_soc_dts() fails, then we can just return. Trying to free "soc_dts" will lead to an Oops.
Title		thermal: intel: quark_dts: fix error pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0b366c6a42e2e2bc67af8d1130b68f3bfa31c80e https://git.kernel.org/stable/c/24c221b11c2894e1a5f07b93362d9bc91c6d8be7 https://git.kernel.org/stable/c/5eaf55b38691291d49417c22e726591078ca1893 https://git.kernel.org/stable/c/69e49f1b53605706bc2203455021539aba2ebe21 https://git.kernel.org/stable/c/d0178f2788fb1183a5cc350213efdc94010b9147 https://git.kernel.org/stable/c/e23f1d9e6e03d04da2f18e78ab5d4255ffeb1333 https://git.kernel.org/stable/c/f1b930e740811d416de4d2074da48b6633a672c8 https://git.kernel.org/stable/c/f73134231fa23e0856c15010db5f5c03693c1e92

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:23:34.503Z

Updated: 2026-05-11T19:59:15.568Z

Reserved: 2025-12-30T12:06:44.528Z

Link: CVE-2023-54298

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:18.903

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54298

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54298 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object