CVE-2023-53098

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's gpio-ir-recv driver can cause a kernel panic when the driver is removed while runtime power management is enabled. This affects systems using GPIO-based infrared receivers with the affected driver. The vulnerability leads to denial of service but not privilege escalation.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before fixes in stable releases (specific commits listed in references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when gpio_ir_recv driver is loaded and runtime PM is enabled. Requires CONFIG_RC_GPIO_IR_RECV and CONFIG_PM configurations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟠

Likely Case

System crash when unloading the gpio_ir_recv module or during driver removal operations.

🟢

If Mitigated

No impact if the driver isn't loaded or runtime PM is disabled.

🌐 Internet-Facing: LOW - Requires local access or ability to load/unload kernel modules.
🏢 Internal Only: MEDIUM - Local users or processes with module loading privileges can trigger crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to load/unload kernel modules (typically root or CAP_SYS_MODULE). The crash is triggered during normal driver removal operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 00e81f191bc00cb6faabf468960e96ebf0404a6c, 2ece4d2f7eac1cb51dc0e9859e09bfdb00faa28e, 30040818b338b8ebc956ce0ebd198f8d593586a6, 513572bb89e8075f5d2a2bb4c89f1152e44da9d8, a5c140d88a69eb43de2a030f1d7ff7b16bff3b1a

Vendor Advisory: https://git.kernel.org/stable/c/00e81f191bc00cb6faabf468960e96ebf0404a6c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system.
3. Verify kernel version is updated.

🔧 Temporary Workarounds

Disable runtime PM for gpio_ir_recv

linux

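Prevent the runtime suspend/resume operations that trigger the NULL pointer dereference. The power/control attribute accepts "on" (device kept active, runtime PM disabled) or "auto" (runtime PM enabled).

echo on > /sys/bus/platform/drivers/gpio_ir_recv/.../power/control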

Blacklist gpio_ir_recv module

linux

Prevent loading of the vulnerable driver

echo 'blacklist gpio_ir_recv' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict module loading to trusted users only (remove CAP_SYS_MODULE from untrusted users)
  • Monitor for gpio_ir_recv module loading/unloading and investigate suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check if gpio_ir_recv module is loaded: lsmod | grep gpio_ir_recv. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits. Test by loading/unloading gpio_ir_recv module with runtime PM enabled.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning cpu_latency_qos_remove_request
  • NULL pointer dereference at address 0x48 in kernel logs
  • Driver removal errors for gpio_ir_recv

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("cpu_latency_qos_remove_request" OR ("gpio_ir_recv" AND "NULL pointer"))
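
The log indicators above, combined into a small triage script for kernel log text. This is an added example, not code from the advisory or the kernel project; the sample lines and the `example_other_driver_poll` symbol are constructed, and the 40-line window is an assumption.

```python
import re
import sys

# The page's log indicators as patterns (arm64 and x86 oops header formats).
NULL_DEREF = re.compile(
    r"NULL pointer dereference(?: at virtual address |, address: )(?:0x)?0*([0-9a-f]+)\b",
    re.I)
QOS_FRAME = re.compile(r"\bcpu_latency_qos_remove_request\b")
DRIVER = re.compile(r"\bgpio[_-]ir[_-]recv\b")
WINDOW = 40  # assumption: how many lines of one oops report to inspect

# Constructed sample, not a real capture; example_other_driver_poll is made up.
SAMPLE = """\
[   19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048
[   19.463412] Modules linked in: gpio_ir_recv(-) rc_core
[   19.463530] pc : cpu_latency_qos_remove_request+0x20/0x110
[   19.463655] Call trace:
[   19.463701]  cpu_latency_qos_remove_request+0x20/0x110
[   19.463790]  platform_remove+0x28/0x60
[  812.100001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  812.100140] RIP: 0010:example_other_driver_poll+0x1c/0x90
""".splitlines()


def scan(lines):
    """Grade every NULL-dereference oops by how many of the indicators it carries."""
    findings = []
    for i, line in enumerate(lines):
        m = NULL_DEREF.search(line)
        if not m:
            continue
        report = [line]
        for nxt in lines[i + 1:i + WINDOW]:
            if NULL_DEREF.search(nxt):  # next oops starts here
                break
            report.append(nxt)
        addr = int(m.group(1), 16)
        qos = any(QOS_FRAME.search(l) for l in report)
        drv = any(DRIVER.search(l) for l in report)
        verdict = ("match" if qos and addr == 0x48
                   else "review" if qos or drv else "unrelated")
        findings.append({"line": i + 1, "address": hex(addr),
                         "qos_frame": qos, "driver_seen": drv, "verdict": verdict})
    return findings


if __name__ == "__main__":
    # Reads kernel log text on stdin; falls back to the sample on a terminal.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for f in scan(text):
        print(f)
```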

🔗 References
