What is CVE-2023-54044?

CVE-2023-54044 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.15 onward and patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-54044 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54044?

CVE-2023-54044 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54044?

Yes, CVE-2023-54044 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 3.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54044 actively exploited?

CVE-2023-54044 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54044

In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0 If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.15 and later are affected. Fixed in 4.14.315, 4.19.283, 5.4.243, 5.10.180, 5.15.111, 6.1.28, 6.2.15, 6.3.2, 6.4 and their respective stable series.

Affected from

≥ 3.15

Fixed in

✓ 4.14.315 4.14.x ✓ 4.19.283 4.19.x ✓ 5.4.243 5.4.x ✓ 5.10.180 5.10.x ✓ 5.15.111 5.15.x ✓ 6.1.28 6.1.x ✓ 6.2.15 6.2.x ✓ 6.3.2 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-54044 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408
Patch
Kernel patch commit
https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54044?

CVE-2023-54044 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.15 onward and has been patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-54044 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54044?

Yes — CVE-2023-54044 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 3.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54044 actively exploited?

No — CVE-2023-54044 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.