CVE-2023-53039

EPSS 0.07%
Veröffentlicht 02.05.2025 15:54:57
Zuletzt bearbeitet 12.11.2025 19:14:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

HID: intel-ish-hid: ipc: Fix potential use-after-free in work function

In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: ipc: Fix potential use-after-free in work function

When a reset notify IPC message is received, the ISR schedules a work
function and passes the ISHTP device to it via a global pointer
ishtp_dev. If ish_probe() fails, the devm-managed device resources
including ishtp_dev are freed, but the work is not cancelled, causing a
use-after-free when the work function tries to access ishtp_dev. Use
devm_work_autocancel() instead, so that the work is automatically
cancelled if probe fails.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 4 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.9 < 5.15.105

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.22

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.9

Linux ≫ Linux Kernel Version6.3 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836

Patch

https://git.kernel.org/stable/c/0a594cb490ca6232671fc09e2dc1a0fc7ccbb0b5

Patch

https://git.kernel.org/stable/c/d3ce3afd9f791dd1b7daedfcf8c396b60af5dec0

Patch

https://git.kernel.org/stable/c/8ae2f2b0a28416ed2f6d8478ac8b9f7862f36785

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53039

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-53039