CVE-2023-54049 in Linuxinfo

Summary

by MITRE • 12/24/2025

In the Linux kernel, the following vulnerability has been resolved:

rpmsg: glink: Add check for kstrdup

Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 12/30/2025

The vulnerability identified as CVE-2023-54049 represents a critical NULL pointer dereference issue within the Linux kernel's rpmsg glink subsystem. This subsystem facilitates communication between different processors in embedded systems and SoC architectures, particularly in automotive and industrial applications where reliable inter-processor communication is essential. The flaw exists in the kernel's remote processor messaging framework that enables devices to communicate across different processing units through shared memory mechanisms.

The technical root cause of this vulnerability stems from inadequate error handling within the rpmsg glink implementation where the kstrdup() function is called without proper validation of its return value. The kstrdup() function allocates memory and copies a string, returning a pointer to the newly allocated memory or NULL if the allocation fails. In the affected code path, the kernel fails to check whether this allocation succeeded before proceeding with operations that assume the pointer is valid. When memory allocation fails and kstrdup() returns NULL, subsequent code attempts to dereference this NULL pointer, leading to an immediate kernel panic or system crash.

This vulnerability directly maps to CWE-476 which defines NULL Pointer Dereference as a condition where a null pointer is dereferenced, and aligns with ATT&CK technique T1499.004 for Network Denial of Service through kernel-level exploits. The operational impact is severe as it can result in complete system unavailability, particularly in embedded systems where the kernel is responsible for critical functions such as automotive control systems, industrial automation, or IoT devices. The vulnerability affects any system running a Linux kernel version that includes the rpmsg glink subsystem, making it particularly concerning for devices where system uptime is critical.

The exploitability of this vulnerability requires specific conditions where the rpmsg glink communication path is actively used and memory allocation fails during string duplication operations. Attackers could potentially trigger this condition through resource exhaustion or by manipulating the communication parameters to force memory allocation failures. Mitigation strategies should include applying the kernel patch that implements proper error checking for kstrdup() return values, ensuring that any allocation failure results in appropriate error codes being returned rather than proceeding with NULL pointer dereference operations. System administrators should prioritize updating affected kernel versions and implementing memory monitoring to detect potential allocation failures that could lead to exploitation of this vulnerability.

Responsible

Linux

Reservation

12/24/2025

Disclosure

12/24/2025

Moderation

accepted

CPE

ready

EPSS

0.00233

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!