CVE-2023-53594

EPSS 0.02%
Published 04.10.2025 15:44:07
Last modified 06.10.2025 14:56:21
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

driver core: fix resource leak in device_add()

When calling kobject_add() failed in device_add(), it will call
cleanup_glue_dir() to free resource. But in kobject_add(),
dev->kobj.parent has been set to NULL. This will cause resource leak.

The process is as follows:
device_add()
	get_device_parent()
		class_dir_create_and_add()
			kobject_add()		//kobject_get()
	...
	dev->kobj.parent = kobj;
	...
	kobject_add()		//failed, but set dev->kobj.parent = NULL
	...
	glue_dir = get_glue_dir(dev)	//glue_dir = NULL, and goto
					//"Error" label
	...
	cleanup_glue_dir()	//becaues glue_dir is NULL, not call
				//kobject_put()

The preceding problem may cause insmod mac80211_hwsim.ko to failed.
sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'
Call Trace:
<TASK>
dump_stack_lvl+0x8e/0xd1
sysfs_warn_dup.cold+0x1c/0x29
sysfs_create_dir_ns+0x224/0x280
kobject_add_internal+0x2aa/0x880
kobject_add+0x135/0x1a0
get_device_parent+0x3d7/0x590
device_add+0x2aa/0x1cb0
device_create_groups_vargs+0x1eb/0x260
device_create+0xdc/0x110
mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]
init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]
do_one_initcall+0x10f/0x630
do_init_module+0x19f/0x5e0
load_module+0x64b7/0x6eb0
__do_sys_finit_module+0x140/0x200
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to
register things with the same name in the same directory.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 8d389e363075c2e1deb84a560686ea92123e4b8b

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < d1dbff10c6cd3b43457f3efd3c9c4950009635bf

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < f39d21154db87545d8f0b25d13c326f37cc32239

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version < 6977b1a5d67097eaa4d02b0c126c04cc6e8917c0

Version cebf8fd16900fdfd58c0028617944f808f97fe50

Status affected

Version e7f6e3c9db4b6f259c89fd05728d024ab32acd71

Status affected

Version a93a63333dbdb182b87e8cc99df8b4474f867acb

Status affected

Version 37de955c11b59050346e530143c20b10b4846527

Status affected

Version 645897231f960590220144b06d1f994b7eb88326

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 4.9

Status affected

Version < 4.9

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/8d389e363075c2e1deb84a560686ea92123e4b8b

https://git.kernel.org/stable/c/d1dbff10c6cd3b43457f3efd3c9c4950009635bf

https://git.kernel.org/stable/c/f39d21154db87545d8f0b25d13c326f37cc32239

https://git.kernel.org/stable/c/6977b1a5d67097eaa4d02b0c126c04cc6e8917c0

https://nvd.nist.gov/vuln/detail/CVE-2023-53594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53594

EUVD