CVE-2023-53594

EPSS 0.02%
Veröffentlicht 04.10.2025 15:44:07
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

driver core: fix resource leak in device_add()

When calling kobject_add() failed in device_add(), it will call
cleanup_glue_dir() to free resource. But in kobject_add(),
dev->kobj.parent has been set to NULL. This will cause resource leak.

The process is as follows:
device_add()
	get_device_parent()
		class_dir_create_and_add()
			kobject_add()		//kobject_get()
	...
	dev->kobj.parent = kobj;
	...
	kobject_add()		//failed, but set dev->kobj.parent = NULL
	...
	glue_dir = get_glue_dir(dev)	//glue_dir = NULL, and goto
					//"Error" label
	...
	cleanup_glue_dir()	//becaues glue_dir is NULL, not call
				//kobject_put()

The preceding problem may cause insmod mac80211_hwsim.ko to failed.
sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'
Call Trace:
<TASK>
dump_stack_lvl+0x8e/0xd1
sysfs_warn_dup.cold+0x1c/0x29
sysfs_create_dir_ns+0x224/0x280
kobject_add_internal+0x2aa/0x880
kobject_add+0x135/0x1a0
get_device_parent+0x3d7/0x590
device_add+0x2aa/0x1cb0
device_create_groups_vargs+0x1eb/0x260
device_create+0xdc/0x110
mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]
init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]
do_one_initcall+0x10f/0x630
do_init_module+0x19f/0x5e0
load_module+0x64b7/0x6eb0
__do_sys_finit_module+0x140/0x200
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to
register things with the same name in the same directory.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8d389e363075c2e1deb84a560686ea92123e4b8b

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < d1dbff10c6cd3b43457f3efd3c9c4950009635bf

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < f39d21154db87545d8f0b25d13c326f37cc32239

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < 6977b1a5d67097eaa4d02b0c126c04cc6e8917c0

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version e7f6e3c9db4b6f259c89fd05728d024ab32acd71

Status affected

Version a93a63333dbdb182b87e8cc99df8b4474f867acb

Status affected

Version 37de955c11b59050346e530143c20b10b4846527

Status affected

Version 645897231f960590220144b06d1f994b7eb88326

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.9

Status affected

Version < 4.9

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8d389e363075c2e1deb84a560686ea92123e4b8b

https://git.kernel.org/stable/c/d1dbff10c6cd3b43457f3efd3c9c4950009635bf

https://git.kernel.org/stable/c/f39d21154db87545d8f0b25d13c326f37cc32239

https://git.kernel.org/stable/c/6977b1a5d67097eaa4d02b0c126c04cc6e8917c0

https://nvd.nist.gov/vuln/detail/CVE-2023-53594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53594

EUVD