CVE-2023-53310

4.7 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's AXP288 fuel gauge driver that can cause a NULL pointer dereference. When the external_power_changed callback is triggered before the battery information structure is fully initialized, it leads to a kernel crash. This affects Linux systems using Intel Cherry Trail devices with AXP288 power management chips.

💻 Affected Systems

Products:
  • Linux kernel with AXP288 fuel gauge driver
Versions: Linux kernel versions before the fix commits (check specific stable branches)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel Cherry Trail SoCs using AXP288 PMIC. Requires the axp288_fuel_gauge driver to be loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠 Likely Case: System crash or kernel panic when power state changes occur during driver initialization, requiring reboot.

🟢 If Mitigated: Minor system instability that self-recovers or requires manual intervention.

🌐 Internet-Facing: LOW - This is a local kernel driver issue not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or system processes could trigger the race condition, causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires triggering a race condition during driver initialization, which is timing-dependent and may be difficult to reliably exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 0456b912121e45b3ef54abe3135e5dcb541f956c, a636c6ba9ce898207f283271cb28511206ab739b, or f8319774d6f1567d6e7d03653174ab0c82c5c66d

Vendor Advisory: https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For custom kernels, apply the patch from the stable tree.
3. No kernel module reload required as fix is in initialization code.

🔧 Temporary Workarounds

Disable AXP288 fuel gauge driver

Linux

Prevent loading of the vulnerable driver module

echo 'blacklist axp288_fuel_gauge' >> /etc/modprobe.d/blacklist.conf
rmmod axp288_fuel_gauge

🧯 If You Can't Patch

  • Avoid power state changes during system boot/initialization
  • Monitor system logs for kernel panic events related to axp288_fuel_gauge

🔍 How to Verify

Check if Vulnerable:

Check whether the axp288_fuel_gauge module is loaded:

lsmod | grep axp288_fuel_gauge

Then check the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check dmesg for absence of NULL pointer dereference errors related to axp288_fuel_gauge.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in axp288_fuel_gauge
  • Oops messages with stack traces mentioning fuel_gauge_external_power_changed

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

(kernel.panic OR kernel.oops) AND axp288_fuel_gauge
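
A log check for the indicators above, as an added example that is not part of the original advisory or of the kernel project's code: it counts NULL-pointer oopses whose trace names fuel_gauge_external_power_changed, because the module name alone also appears in the "Modules linked in:" line of unrelated oopses on the same machine. The sample log is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# oops_count PATTERN: read kernel log text on stdin and count NULL-pointer
# oopses that contain at least one line matching PATTERN.
oops_count() {
    awk -v pat="$1" '
        # A new oops starts; close any oops still open (no end marker seen).
        /BUG: kernel NULL pointer dereference/ {
            if (in_oops) n += hit
            in_oops = 1; hit = 0
        }
        in_oops && $0 ~ pat    { hit = 1 }
        in_oops && /end trace/ { n += hit; in_oops = 0 }
        # A panic can cut the log before the end marker; still count it.
        END { if (in_oops) n += hit; print n + 0 }
    '
}

# Precise: the callback symbol only shows up in this bug's stack trace.
axp288_oops_count() { oops_count 'fuel_gauge_external_power_changed'; }

# Naive: the module name is also listed under "Modules linked in:" in every
# oops on a system with the driver loaded, so this over-counts.
axp288_naive_count() { oops_count 'axp288_fuel_gauge'; }

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[   12.301] BUG: kernel NULL pointer dereference, address: 0000000000000018
[   12.302] Oops: 0000 [#1] PREEMPT SMP
[   12.303] Call Trace:
[   12.304]  fuel_gauge_external_power_changed+0x2a/0x60 [axp288_fuel_gauge]
[   12.305] Modules linked in: axp288_fuel_gauge axp288_charger
[   12.306] ---[ end trace 0000000000000000 ]---
[  300.100] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  300.101] Oops: 0002 [#2] PREEMPT SMP
[  300.102] RIP: 0010:other_drv_irq+0x14/0x90 [other_drv]
[  300.103] Modules linked in: other_drv axp288_fuel_gauge
[  300.104] ---[ end trace 0000000000000000 ]---
EOF
}

echo "callback-symbol matches: $(sample_log | axp288_oops_count)"
echo "module-name matches:     $(sample_log | axp288_naive_count)"
```

On a real system, pipe the output of dmesg or journalctl -k -b -1 (the previous boot's kernel log) into axp288_oops_count instead of the sample.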
