CVE-2023-53123

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's PCI subsystem on s390 architecture systems. When PCI functions are individually hot-unplugged (common with SR-IOV VFs), their MMIO resources are freed but remain referenced in PCI bus resource lists, potentially causing memory corruption when functions are re-added. This affects Linux systems running on IBM s390/zSeries architecture with PCI hotplug functionality.
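The lifetime bug described above, reduced to a user-space toy model. This is an added example, not kernel code and not taken from the fix commits; every name in it is an assumption, and pool indices stand in for pointers so the stale reference can be counted without touching freed memory.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_RES 8
/* Toy model, all names assumed: a pool of MMIO resources and a bus list of pool indices. */
struct mmio_res { bool allocated; unsigned long start, end; };
static struct mmio_res pool[MAX_RES];
static int bus_list[MAX_RES], bus_len;

/* Hot-plug: allocate a resource for the function and link it into the bus list. */
static int func_add(unsigned long start, unsigned long len)
{
    for (int i = 0; i < MAX_RES && bus_len < MAX_RES; i++) {
        if (pool[i].allocated) continue;
        pool[i] = (struct mmio_res){ true, start, start + len - 1 };
        bus_list[bus_len++] = i;
        return i;
    }
    return -1;
}
/* Flawed per-function unplug: releases the resource, leaves the bus entry behind. */
static void func_remove_flawed(int idx) { pool[idx].allocated = false; }

/* Corrected unplug: unlink from the bus list first, then release. */
static void func_remove_fixed(int idx)
{
    int kept = 0;
    for (int i = 0; i < bus_len; i++)
        if (bus_list[i] != idx) bus_list[kept++] = bus_list[i];
    bus_len = kept;
    pool[idx].allocated = false;
}
/* Unplug and re-add one of two functions; returns stale bus entries seen in between. */
static int replug(bool fixed, int *len_after)
{
    int stale = 0;
    for (int i = 0; i < MAX_RES; i++) pool[i].allocated = false;
    bus_len = 0;
    int a = func_add(0x1000, 0x100);
    func_add(0x2000, 0x100);
    if (fixed) func_remove_fixed(a); else func_remove_flawed(a);
    for (int i = 0; i < bus_len; i++) stale += !pool[bus_list[i]].allocated;
    func_add(0x3000, 0x100);   /* re-add reuses the released slot */
    *len_after = bus_len;
    return stale;
}
int main(void)
{
    int n1, n2, s1 = replug(false, &n1), s2 = replug(true, &n2);
    printf("flawed: stale=%d entries=%d\nfixed:  stale=%d entries=%d\n", s1, n1, s2, n2);
    return 0;
}
```

In the flawed path the bus list ends with three entries for two live functions, two of them aliasing the same reused slot; in the corrected path the list matches the live functions.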

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions running on IBM s390/zSeries architecture
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when running on s390 architecture with PCI hotplug functionality enabled and used. x86 and other architectures are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.

🟠

Likely Case

System instability, kernel panics, or denial of service when PCI functions are hot-unplugged and re-added.

🟢

If Mitigated

No impact if systems don't use PCI hotplug on s390 or have patched kernels.

🌐 Internet-Facing: LOW - Requires local access to PCI hotplug functionality.
🏢 Internal Only: MEDIUM - Could be exploited by privileged users or through automated management tools.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires privileged access to trigger PCI hot-unplug operations. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 437bb839e36cc9f35adc6d2a2bf113b7a0fc9985, a2410d0c3d2d714ed968a135dfcbed6aa3ff7027, ab909509850b27fd39b8ba99e44cda39dbc3858c, b99ebf4b62774e690e73a551cf5fbf6f219bdd96

Vendor Advisory: https://git.kernel.org/stable/c/437bb839e36cc9f35adc6d2a2bf113b7a0fc9985

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your Linux distribution vendor.
2. For custom kernels, apply the referenced git commits.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable PCI hotplug on s390 systems

linux

Prevent PCI function hot-unplug operations that trigger the vulnerability

echo 0 > /sys/bus/pci/slots/[slot_number]/power

🧯 If You Can't Patch

  • Restrict PCI hotplug operations to trusted administrators only
  • Monitor system logs for PCI hotplug events and investigate any unexpected activity

🔍 How to Verify

Check if Vulnerable:

Check the architecture and kernel version: run uname -a | grep s390 to confirm the system is s390, then check whether the running kernel version is before the fix.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is from a distribution that has backported the patches

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to PCI or memory corruption
  • PCI hotplug events in system logs

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("PCI" OR "use-after-free" OR "kernel panic")
