CVE-2023-54044 in Linux
Summary
by MITRE • 12/24/2025
In the Linux kernel, the following vulnerability has been resolved:
spmi: Add a check for remove callback when removing a SPMI driver
When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver:
    dump_backtrace.cfi_jt+0x0/0x8
    dump_stack_lvl+0xd8/0x16c
    panic+0x188/0x498
    __cfi_slowpath+0x0/0x214
    __cfi_slowpath+0x1dc/0x214
    spmi_drv_remove+0x16c/0x1e0
    device_release_driver_internal+0x468/0x79c
    driver_detach+0x11c/0x1a0
    bus_remove_driver+0xc4/0x124
    driver_unregister+0x58/0x84
    cleanup_module+0x1c/0xc24 [qcom_spmi_pmic]
    __do_sys_delete_module+0x3ec/0x53c
    __arm64_sys_delete_module+0x18/0x28
    el0_svc_common+0xdc/0x294
    el0_svc+0x38/0x9c
    el0_sync_handler+0x8c/0xf0
    el0_sync+0x1b4/0x1c0
If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.
Analysis
by VulDB Data Team • 12/30/2025
CVE-2023-54044 is a NULL pointer dereference (CWE-476) in the Linux kernel's SPMI (System Power Management Interface) bus code. When a SPMI driver is unregistered, the bus-level removal path, spmi_drv_remove, invokes the driver's remove callback without first checking that the driver defined one. Drivers that allocate every resource through the devm_() managed-resource APIs have nothing to clean up themselves and legitimately leave remove unset; for such a driver, unloading the module calls a NULL function pointer. The call trace in the commit message shows exactly this happening to the Qualcomm SPMI PMIC driver (qcom_spmi_pmic) on arm64 during a delete_module system call.
The trace is worth reading precisely. The frames from dump_backtrace down to panic are the crash-reporting path, not the fault; the fault is the indirect call made inside spmi_drv_remove. On this kernel that call went through __cfi_slowpath, which means kernel Control-Flow Integrity (CFI) caught the NULL target of the indirect call and, because the kernel was not built in permissive CFI mode, escalated the failure to a panic. On a kernel without CFI the same code would instead fault on the instruction fetch from address zero and report an oops; the outcome is a crash either way. The remaining frames (driver_unregister, bus_remove_driver, driver_detach, device_release_driver_internal) are the ordinary driver-core unbind sequence that any rmmod of qcom_spmi_pmic walks through.
Operationally, the impact is availability. The crash occurs on driver removal, and removing a kernel module requires CAP_SYS_MODULE (delete_module is the syscall visible in the trace), so the condition is reached by a privileged administrative action or an automated unload, not by an unprivileged local user or a remote attacker. The affected systems are those built on kernels with SPMI support, which in practice means Qualcomm-based embedded and mobile platforms whose PMIC driver sits on the SPMI bus. The realistic risk is an unexpected panic or reboot during maintenance, update, or test workflows that rebind or reload the PMIC driver; there is no memory-corruption primitive and no code execution here, and nothing in the commit supports treating this as a compromise or supply-chain vector.
The fix is a one-line guard in spmi_drv_remove: test the driver's remove pointer for NULL and call it only when set, leaving the rest of the removal path, including managed-resource release, unchanged. This is the standard kernel idiom for optional bus callbacks and the textbook mitigation for CWE-476. Mapping the issue to ATT&CK is a stretch: T1490 (Inhibit System Recovery) describes deleting backups and disabling recovery features, whereas the effect here is a local, privileged denial of service, so the technique reference should be read as a rough availability classification rather than as a description of an attack path.
The broader lesson concerns optional callbacks rather than input validation. The devm_() APIs have made remove-less drivers common, so any bus that still treats remove as mandatory is one driver away from the same crash. Auditing a bus's unbind path is cheap: every indirect call through a driver-supplied function pointer that subsystem convention allows to be absent needs a NULL check, and a kernel built with CFI will turn a missed check into a panic rather than a silent oops. The same guard pattern applies to any bus type whose driver structure carries optional remove or shutdown callbacks.
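To make the fix and the devm_() reasoning concrete, here is an added userspace C model of a bus removal path with an optional remove callback and devres-style managed resources. It is example code written for this page, not kernel code and not the actual spmi.c change; the struct names, the devm_add_action stand-in, the counters and the two spmi_drv_remove_* functions are hypothetical. The unchecked variant has the shape of the bug, the checked variant carries the guard, and the managed resource is released by the core rather than by the driver, which is why a devm-only driver needs no remove callback at all.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace model of a bus driver-removal path (not kernel code). */

struct spmi_device;

struct spmi_driver {
    const char *name;
    void (*remove)(struct spmi_device *sdev);   /* optional, may be NULL */
};

/* devres-style managed resource: owned by the device, released by the core. */
struct devres {
    void (*release)(void *data);
    void *data;
    struct devres *next;
};

struct spmi_device {
    const char *name;
    const struct spmi_driver *driver;
    struct devres *devres;
};

/* Counters used to observe what each removal path actually does. */
static int releases_run;
static int remove_callbacks_run;

/* Stand-in for devm_add_action(): tie a release function to the device. */
static int devm_add_action(struct spmi_device *sdev, void (*release)(void *), void *data)
{
    struct devres *dr = malloc(sizeof(*dr));
    if (!dr)
        return -1;
    dr->release = release;
    dr->data = data;
    dr->next = sdev->devres;
    sdev->devres = dr;
    return 0;
}

/* The core walks the device's devres list on unbind, newest first. */
static void devres_release_all(struct spmi_device *sdev)
{
    struct devres *dr = sdev->devres;
    while (dr) {
        struct devres *next = dr->next;
        dr->release(dr->data);
        free(dr);
        dr = next;
    }
    sdev->devres = NULL;
}

/* Before the fix: unconditional indirect call through sdrv->remove. With a
 * remove-less driver this calls address 0 (NULL dereference, or a CFI panic
 * on a CFI-enforcing kernel). Only ever called below with a driver that
 * defines remove, to show that the pre-fix path works for such drivers. */
static void spmi_drv_remove_unchecked(struct spmi_device *sdev)
{
    const struct spmi_driver *sdrv = sdev->driver;

    sdrv->remove(sdev);
    devres_release_all(sdev);
    sdev->driver = NULL;
}

/* After the fix: the optional callback is tested before it is used. */
static void spmi_drv_remove_checked(struct spmi_device *sdev)
{
    const struct spmi_driver *sdrv = sdev->driver;

    if (sdrv->remove)
        sdrv->remove(sdev);
    devres_release_all(sdev);
    sdev->driver = NULL;
}

/* The predicate the fix adds: a remove-less driver would make the unchecked
 * path call a NULL function pointer. */
static int would_crash_on_unbind(const struct spmi_driver *sdrv)
{
    return sdrv->remove == NULL;
}

static void count_release(void *data) { (void)data; releases_run++; }
static void pmic_remove(struct spmi_device *sdev) { (void)sdev; remove_callbacks_run++; }

/* Two drivers: one relies on devm only (no remove), one defines remove. */
static const struct spmi_driver devm_only_driver = { "devm-only", NULL };
static const struct spmi_driver explicit_driver = { "explicit", pmic_remove };

/* Bind a driver, attach one managed resource, unbind through the fixed path.
 * Returns 1 when the resource was released exactly once and the device ended
 * up unbound with an empty devres list, 0 otherwise. */
static int unbind_via_checked_path(const struct spmi_driver *sdrv)
{
    struct spmi_device dev = { "pmic@0", sdrv, NULL };
    int before = releases_run;

    if (devm_add_action(&dev, count_release, NULL) != 0)
        return 0;
    spmi_drv_remove_checked(&dev);
    return releases_run == before + 1 && dev.driver == NULL && dev.devres == NULL;
}

int main(void)
{
    struct spmi_device legacy = { "pmic@1", &explicit_driver, NULL };

    printf("devm-only driver unbound cleanly: %d\n", unbind_via_checked_path(&devm_only_driver));
    printf("explicit driver unbound cleanly:  %d\n", unbind_via_checked_path(&explicit_driver));
    printf("devm-only driver would crash on the unchecked path: %d\n",
           would_crash_on_unbind(&devm_only_driver));
    spmi_drv_remove_unchecked(&legacy);   /* safe only because remove is non-NULL */
    printf("remove callbacks run: %d, managed releases run: %d\n",
           remove_callbacks_run, releases_run);
    return 0;
}
```

The point to take from the model is that the core, not the driver, frees devres-managed resources, so a driver with nothing else to undo has no reason to supply remove; the bus must therefore treat the pointer as optional, exactly as the upstream guard does.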