{"id":"CVE-2023-53182","summary":"ACPICA: Avoid undefined behavior: applying zero offset to null pointer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Avoid undefined behavior: applying zero offset to null pointer\n\nACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e\n\nBefore this change we see the following UBSAN stack trace in Fuchsia:\n\n  #0    0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 \u003cplatform-bus-x86.so\u003e+0x233302\n  #1.2  0x000020d0f660777f in ubsan_get_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:41 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #1.1  0x000020d0f660777f in maybe_print_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:51 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #1    0x000020d0f660777f in ~scoped_report() compiler-rt/lib/ubsan/ubsan_diag.cpp:387 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #2    0x000020d0f660b96d in handlepointer_overflow_impl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:809 \u003clibclang_rt.asan.so\u003e+0x4196d\n  #3    0x000020d0f660b50d in compiler-rt/lib/ubsan/ubsan_handlers.cpp:815 \u003clibclang_rt.asan.so\u003e+0x4150d\n  #4    0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 \u003cplatform-bus-x86.so\u003e+0x233302\n  #5    0x000021e4213e2369 in acpi_ds_call_control_method(struct acpi_thread_state*, struct acpi_walk_state*, union acpi_parse_object*) ../../third_party/acpica/source/components/dispatcher/dsmethod.c:605 \u003cplatform-bus-x86.so\u003e+0x262369\n  #6    0x000021e421437fac in acpi_ps_parse_aml(struct acpi_walk_state*) ../../third_party/acpica/source/components/parser/psparse.c:550 \u003cplatform-bus-x86.so\u003e+0x2b7fac\n  #7    0x000021e4214464d2 in acpi_ps_execute_method(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/parser/psxface.c:244 \u003cplatform-bus-x86.so\u003e+0x2c64d2\n  #8    0x000021e4213aa052 in acpi_ns_evaluate(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/namespace/nseval.c:250 \u003cplatform-bus-x86.so\u003e+0x22a052\n  #9    0x000021e421413dd8 in acpi_ns_init_one_device(acpi_handle, u32, void*, void**) ../../third_party/acpica/source/components/namespace/nsinit.c:735 \u003cplatform-bus-x86.so\u003e+0x293dd8\n  #10   0x000021e421429e98 in acpi_ns_walk_namespace(acpi_object_type, acpi_handle, u32, u32, acpi_walk_callback, acpi_walk_callback, void*, void**) ../../third_party/acpica/source/components/namespace/nswalk.c:298 \u003cplatform-bus-x86.so\u003e+0x2a9e98\n  #11   0x000021e4214131ac in acpi_ns_initialize_devices(u32) ../../third_party/acpica/source/components/namespace/nsinit.c:268 \u003cplatform-bus-x86.so\u003e+0x2931ac\n  #12   0x000021e42147c40d in acpi_initialize_objects(u32) ../../third_party/acpica/source/components/utilities/utxfinit.c:304 \u003cplatform-bus-x86.so\u003e+0x2fc40d\n  #13   0x000021e42126d603 in acpi::acpi_impl::initialize_acpi(acpi::acpi_impl*) ../../src/devices/board/lib/acpi/acpi-impl.cc:224 \u003cplatform-bus-x86.so\u003e+0xed603\n\nAdd a simple check that avoids incrementing a pointer by zero, but\notherwise behaves as before. Note that our findings are against ACPICA\n20221020, but the same code exists on master.","modified":"2026-03-20T12:33:00.702178Z","published":"2025-09-15T14:04:33.101Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53182.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/05bb0167c80b8f93c6a4e0451b7da9b96db990c2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/16359bc02c093b0862e31739c07673340a2106a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3048c6b84a51e4ba4a89385ed218d19a670edd47"},{"type":"WEB","url":"https://git.kernel.org/stable/c/35465c7a91c6b46e7c14d0c01d0084349a38ce51"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3a7a4aa3958ce0c4938a443d65001debe9a9af9c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a2d0dcb47b16f84880a59571eab8a004e3236d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/710e09fd116e2fa53e319a416ad4e4f8027682b6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c4a7163b7f1495e3cc58bec7a4100de6612cde9"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53182.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53182"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"5a2d0dcb47b16f84880a59571eab8a004e3236d7"},{"fixed":"35465c7a91c6b46e7c14d0c01d0084349a38ce51"},{"fixed":"710e09fd116e2fa53e319a416ad4e4f8027682b6"},{"fixed":"16359bc02c093b0862e31739c07673340a2106a6"},{"fixed":"3a7a4aa3958ce0c4938a443d65001debe9a9af9c"},{"fixed":"8c4a7163b7f1495e3cc58bec7a4100de6612cde9"},{"fixed":"3048c6b84a51e4ba4a89385ed218d19a670edd47"},{"fixed":"05bb0167c80b8f93c6a4e0451b7da9b96db990c2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53182.json"}}],"schema_version":"1.7.5"}