Wind River Support Network

HomeDefectsLIN1022-18478
Acknowledged

LIN1022-18478 : Security Advisory - linux - CVE-2023-53480

Created: Oct 10, 2025    Updated: Oct 17, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]kobject: Add sanity check for kset->kobj.ktype in kset_register()[EOL][EOL]When I register a kset in the following way:[EOL]\tstatic struct kset my_kset;[EOL]\tkobject_set_name(&my_kset.kobj, "my_kset");[EOL]        ret = kset_register(&my_kset);[EOL][EOL]A null pointer dereference exception is occurred:[EOL][ 4453.568337] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028[EOL]... ...[EOL][ 4453.810361] Call trace:[EOL][ 4453.813062]  kobject_get_ownership+0xc/0x34[EOL][ 4453.817493]  kobject_add_internal+0x98/0x274[EOL][ 4453.822005]  kset_register+0x5c/0xb4[EOL][ 4453.825820]  my_kobj_init+0x44/0x1000 [my_kset][EOL]... ...[EOL][EOL]Because I didn't initialize my_kset.kobj.ktype.[EOL][EOL]According to the description in Documentation/core-api/kobject.rst:[EOL] - A ktype is the type of object that embeds a kobject.  Every structure[EOL]   that embeds a kobject needs a corresponding ktype.[EOL][EOL]So add sanity check to make sure kset->kobj.ktype is not NULL.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube