{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54026","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:53:46.179Z","datePublished":"2025-12-24T10:55:55.182Z","dateUpdated":"2026-05-11T19:53:59.774Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:53:59.774Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nopp: Fix use-after-free in lazy_opp_tables after probe deferral\n\nWhen dev_pm_opp_of_find_icc_paths() in _allocate_opp_table() returns\n-EPROBE_DEFER, the opp_table is freed again, to wait until all the\ninterconnect paths are available.\n\nHowever, if the OPP table is using required-opps then it may already\nhave been added to the global lazy_opp_tables list. The error path\ndoes not remove the opp_table from the list again.\n\nThis can cause crashes later when the provider of the required-opps\nis added, since we will iterate over OPP tables that have already been\nfreed. E.g.:\n\n  Unable to handle kernel NULL pointer dereference when read\n  CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.4.0-rc3\n  PC is at _of_add_opp_table_v2 (include/linux/of.h:949\n  drivers/opp/of.c:98 drivers/opp/of.c:344 drivers/opp/of.c:404\n  drivers/opp/of.c:1032) -> lazy_link_required_opp_table()\n\nFix this by calling _of_clear_opp_table() to remove the opp_table from\nthe list and clear other allocated resources. While at it, also add the\nmissing mutex_destroy() calls in the error path."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/opp/core.c"],"versions":[{"version":"7eba0c7641b0009818e469dbfcdd87a0155ab9d4","lessThan":"39a0e723d3502f6dc4c603f57ebe8dc7bcc4a4bc","status":"affected","versionType":"git"},{"version":"7eba0c7641b0009818e469dbfcdd87a0155ab9d4","lessThan":"76ab057de777723ec924654502d1a260ba7d7d54","status":"affected","versionType":"git"},{"version":"7eba0c7641b0009818e469dbfcdd87a0155ab9d4","lessThan":"c05e76d6b249e5254c31994eedd06dd3cc90dee0","status":"affected","versionType":"git"},{"version":"7eba0c7641b0009818e469dbfcdd87a0155ab9d4","lessThan":"b2a2ab039bd58f51355e33d7d3fc64605d7f870d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/opp/core.c"],"versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","status":"unaffected","versionType":"semver"},{"version":"5.15.121","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.40","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.5","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.15.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.1.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.4.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/39a0e723d3502f6dc4c603f57ebe8dc7bcc4a4bc"},{"url":"https://git.kernel.org/stable/c/76ab057de777723ec924654502d1a260ba7d7d54"},{"url":"https://git.kernel.org/stable/c/c05e76d6b249e5254c31994eedd06dd3cc90dee0"},{"url":"https://git.kernel.org/stable/c/b2a2ab039bd58f51355e33d7d3fc64605d7f870d"}],"title":"opp: Fix use-after-free in lazy_opp_tables after probe deferral","x_generator":{"engine":"bippy-1.2.0"}}}}