{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53363","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.733Z","datePublished":"2025-09-17T14:56:52.401Z","dateUpdated":"2026-05-11T19:43:30.054Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:43:30.054Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix use-after-free in pci_bus_release_domain_nr()\n\nCommit c14f7ccc9f5d (\"PCI: Assign PCI domain IDs by ida_alloc()\")\nintroduced a use-after-free bug in the bus removal cleanup. The issue was\nfound with kfence:\n\n [ 19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70\n\n [ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):\n [ 19.309677] pci_bus_release_domain_nr+0x10/0x70\n [ 19.309691] dw_pcie_host_deinit+0x28/0x78\n [ 19.309702] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n [ 19.309734] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n [ 19.309752] platform_probe+0x90/0xd8\n ...\n\n [ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k\n\n [ 19.311469] allocated by task 96 on cpu 10 at 19.279323s:\n [ 19.311562] __kmem_cache_alloc_node+0x260/0x278\n [ 19.311571] kmalloc_trace+0x24/0x30\n [ 19.311580] pci_alloc_bus+0x24/0xa0\n [ 19.311590] pci_register_host_bridge+0x48/0x4b8\n [ 19.311601] pci_scan_root_bus_bridge+0xc0/0xe8\n [ 19.311613] pci_host_probe+0x18/0xc0\n [ 19.311623] dw_pcie_host_init+0x2c0/0x568\n [ 19.311630] tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]\n [ 19.311647] platform_probe+0x90/0xd8\n ...\n\n [ 19.311782] freed by task 96 on cpu 10 at 19.285833s:\n [ 19.311799] release_pcibus_dev+0x30/0x40\n [ 19.311808] device_release+0x30/0x90\n [ 19.311814] kobject_put+0xa8/0x120\n [ 19.311832] device_unregister+0x20/0x30\n [ 19.311839] pci_remove_bus+0x78/0x88\n [ 19.311850] pci_remove_root_bus+0x5c/0x98\n [ 19.311860] dw_pcie_host_deinit+0x28/0x78\n [ 19.311866] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n [ 19.311883] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n [ 19.311900] platform_probe+0x90/0xd8\n ...\n\n [ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4\n [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022\n [ 19.325852] Workqueue: events_unbound deferred_probe_work_func\n\nThe stack trace is a bit misleading as dw_pcie_host_deinit() doesn't\ndirectly call pci_bus_release_domain_nr(). The issue turns out to be in\npci_remove_root_bus() which first calls pci_remove_bus() which frees the\nstruct pci_bus when its struct device is released. Then\npci_bus_release_domain_nr() is called and accesses the freed struct\npci_bus. Reordering these fixes the issue."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pci/remove.c"],"versions":[{"version":"f8b6bd6c04d4dfc4c200e6fa306e61e3b42ec5fc","lessThan":"52b0343c7d628f37b38e3279ba585526b850ad3b","status":"affected","versionType":"git"},{"version":"db273126bf548a2dc611372e8f6a817b2b16b563","lessThan":"ad367516b1c09317111255ecfbf5e42c33e31918","status":"affected","versionType":"git"},{"version":"ead4d69b3ef047b0f670511d81e9ced7ac876b44","lessThan":"fbf45385e3419b8698b5e0a434847072375cfec2","status":"affected","versionType":"git"},{"version":"c14f7ccc9f5dcf9d06ddeec706f85405b2c80600","lessThan":"07a75c0050e59c50f038cc5f4e2a3258c8f8c9d0","status":"affected","versionType":"git"},{"version":"c14f7ccc9f5dcf9d06ddeec706f85405b2c80600","lessThan":"30ba2d09edb5ea857a1473ae3d820911347ada62","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pci/remove.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.2.12","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.2.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/52b0343c7d628f37b38e3279ba585526b850ad3b"},{"url":"https://git.kernel.org/stable/c/ad367516b1c09317111255ecfbf5e42c33e31918"},{"url":"https://git.kernel.org/stable/c/fbf45385e3419b8698b5e0a434847072375cfec2"},{"url":"https://git.kernel.org/stable/c/07a75c0050e59c50f038cc5f4e2a3258c8f8c9d0"},{"url":"https://git.kernel.org/stable/c/30ba2d09edb5ea857a1473ae3d820911347ada62"}],"title":"PCI: Fix use-after-free in pci_bus_release_domain_nr()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53363","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T18:44:47.836349Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:53:01.141Z"}}]}}