CVE-2023-53123: In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with
Summary
A vulnerability in the Linux kernel on s390 systems caused a use-after-free bug (accessing memory after it has been freed) in PCI resources when individual functions on multi-function devices were hot-unplugged and then re-added. The bug occurred because the system kept stale references to freed memory resources, which could be incorrectly claimed when the device reappeared.
Solution / Mitigation
The fix introduces a new function called pci_bus_remove_resource() to remove individual resources from the PCI bus's resource list when a PCI function is hot-unplugged, while leaving other functions' resources untouched. Additionally, the MMIO resources (memory-mapped I/O addresses that allow software to communicate with hardware) are no longer added to the struct zpci_bus's resource list, and instead the zpci_bar_struct's resource pointer is used directly.
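The per-resource removal described above, as an added example that is not the kernel patch or code from the original page: a simplified user-space model in C of a bus resource list shared by two functions. All names (`model_bus_add_resource`, `model_bus_remove_resource`, `model_function_unplug`, `demo_unplug_one_of_two`) and the struct layouts are hypothetical stand-ins, not the kernel's definitions.

```c
#include <stdlib.h>
/* Simplified user-space model (assumption), not kernel code. */
struct resource { unsigned long start, end; };
struct bus_resource { struct resource *res; struct bus_resource *next; };
struct bus { struct bus_resource *resources; };
/* The bus list stores a pointer only; the function's BAR owns the memory. */
static int model_bus_add_resource(struct bus *bus, struct resource *res)
{
    struct bus_resource *br = malloc(sizeof(*br));
    if (!br)
        return -1;
    br->res = res;
    br->next = bus->resources;
    bus->resources = br;
    return 0;
}

/* Unlink exactly one entry; entries of other functions stay in place. */
static void model_bus_remove_resource(struct bus *bus, struct resource *res)
{
    for (struct bus_resource **pp = &bus->resources; *pp; pp = &(*pp)->next) {
        if ((*pp)->res == res) {
            struct bus_resource *dead = *pp;
            *pp = dead->next;
            free(dead);
            return;
        }
    }
}

/* Hot-unplug of one function: drop the bus entry, then free the resource. */
static void model_function_unplug(struct bus *bus, struct resource **bar_res)
{
    model_bus_remove_resource(bus, *bar_res); /* no stale pointer is left behind */
    free(*bar_res);
    *bar_res = NULL;
}

/* Unplug function 0 of two; returns 1 if only function 1's entry remains. */
int demo_unplug_one_of_two(void)
{
    struct bus bus = { NULL };
    struct resource *fn0 = calloc(1, sizeof(*fn0)), *fn1 = calloc(1, sizeof(*fn1));
    if (!fn0 || !fn1 || model_bus_add_resource(&bus, fn0) || model_bus_add_resource(&bus, fn1))
        return -1;
    model_function_unplug(&bus, &fn0);
    int ok = bus.resources && bus.resources->res == fn1 && !bus.resources->next;
    model_function_unplug(&bus, &fn1);
    return ok && bus.resources == NULL;
}
```

Skipping the `model_bus_remove_resource()` call in `model_function_unplug()` reproduces the pattern the summary describes: the list keeps a pointer to freed memory that a later lookup can hand out.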
Vulnerability Details
7.8 (high)
EPSS: 0.1%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-53123
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 95%