What is CVE-2023-54118?

CVE-2023-54118 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.16 onward and patched in 5.10.173, 5.15.100, 6.1.18 and others. CVE-2023-54118 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54118?

CVE-2023-54118 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54118?

Yes, CVE-2023-54118 has been patched. Fixed versions include 5.10.173, 5.15.100, 6.1.18 and others. If you are running Linux kernel 3.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54118 actively exploited?

CVE-2023-54118 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54118

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx] ... Call trace: sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] gpiod_direction_output_raw_commit+0x64/0x318 gpiod_direction_output+0xb0/0x170 create_gpio_led+0xec/0x198 gpio_led_probe+0x16c/0x4f0 platform_drv_probe+0x5c/0xb0 really_probe+0xe8/0x448 driver_probe_device+0xe8/0x138 __device_attach_driver+0x94/0x118 bus_for_each_drv+0x8c/0xe0 __device_attach+0x100/0x1b8 device_initial_probe+0x28/0x38 bus_probe_device+0xa4/0xb0 deferred_probe_work_func+0x90/0xe0 process_one_work+0x1c4/0x480 worker_thread+0x54/0x430 kthread+0x138/0x150 ret_from_fork+0x10/0x1c This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.16 and later are affected. Fixed in 5.10.173, 5.15.100, 6.1.18, 6.2.5, 6.3 and their respective stable series.

Affected from

≥ 3.16

Fixed in

✓ 5.10.173 5.10.x ✓ 5.15.100 5.15.x ✓ 6.1.18 6.1.x ✓ 6.2.5 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-54118 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/17b96b5c19bec791b433890549e44ca523dc82aa
Patch
Kernel patch commit
https://git.kernel.org/stable/c/49b326ce8a686428d8cbb82ed74fc88ed3f95a51
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b71ff206707855ce73c04794c76f7b678b2d4f72
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54118?

CVE-2023-54118 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.16 onward and has been patched in 5.10.173, 5.15.100, 6.1.18 and others. CVE-2023-54118 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54118?

Yes — CVE-2023-54118 has been patched. Fixed versions include 5.10.173, 5.15.100, 6.1.18 and others. If you are running Linux kernel 3.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54118 actively exploited?

No — CVE-2023-54118 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.