CVE-2023-53856 in Linux
Summary
by MITRE • 12/09/2025
In the Linux kernel, the following vulnerability has been resolved:
of: overlay: Call of_changeset_init() early
When of_overlay_fdt_apply() fails, the changeset may be partially applied, and the caller is still expected to call of_overlay_remove() to clean up this partial state.
However, of_overlay_apply() calls of_resolve_phandles() before init_overlay_changeset(). Hence if the overlay fails to apply due to an unresolved symbol, the overlay_changeset.cset.entries list is still uninitialized, and cleanup will crash with a NULL-pointer dereference in overlay_removal_is_ok().
Fix this by moving the call to of_changeset_init() from init_overlay_changeset() to of_overlay_fdt_apply(), where all other early initialization is done.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/30/2026
This vulnerability exists in the Linux kernel's device tree overlay subsystem and represents a critical flaw in the overlay application process that can lead to system instability and potential denial of service conditions. The issue stems from the improper ordering of function calls within the overlay application mechanism, specifically affecting how changesets are initialized during overlay processing. When the overlay application fails due to unresolved symbols or other errors, the system attempts to clean up the partially applied state through the of_overlay_remove() function, but this cleanup process crashes due to a null pointer dereference.
The technical root cause of CVE-2023-53856 lies in the sequence of operations within the device tree overlay framework where of_overlay_apply() invokes of_resolve_phandles() before calling init_overlay_changeset(). This ordering problem means that when an overlay fails to apply, the overlay_changeset.cset.entries list remains uninitialized, creating a scenario where subsequent cleanup operations attempt to access memory locations that have not been properly allocated. The vulnerability manifests when the system tries to perform overlay removal operations after a failed overlay application, resulting in a NULL-pointer dereference within the overlay_removal_is_ok() function.
The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise the stability of embedded systems and server environments that rely heavily on device tree overlays for hardware configuration management. Attackers could exploit this weakness to cause denial of service conditions by triggering overlay application failures followed by cleanup operations, effectively rendering the system unstable or unresponsive. This vulnerability affects systems using the Linux kernel's device tree overlay functionality, particularly those implementing dynamic hardware configuration changes or using overlay mechanisms for device management in embedded environments.
The fix for CVE-2023-53856 addresses the core issue by repositioning the of_changeset_init() call from the init_overlay_changeset() function to the of_overlay_fdt_apply() function, ensuring that all early initialization occurs at the appropriate point in the overlay application process. This change aligns with the principle of proper resource initialization ordering and follows established patterns for managing overlay state transitions. The solution directly addresses the null pointer dereference vulnerability by ensuring that changeset initialization occurs before any cleanup operations are attempted, preventing the crash condition that would otherwise occur when overlay removal processes encounter uninitialized data structures.
This vulnerability maps to CWE-476 Null Pointer Dereference, which is a common weakness in software systems where pointers are not properly validated before use. The flaw also relates to ATT&CK technique T1490 Inhibit System Recovery, as the denial of service conditions created by this vulnerability can prevent normal system operation and recovery mechanisms from functioning properly. The fix demonstrates proper defensive programming practices by ensuring that all resources are properly initialized before being accessed, which is a fundamental principle in secure software development and system reliability engineering. The remediation approach follows best practices for managing complex state transitions in kernel subsystems and ensures that cleanup operations can proceed safely even when initial operations fail.