Description

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead, so that the work is automatically cancelled if probe fails.

INFO

Published Date :

2025-05-02T15:54:57.876Z

Last Modified :

2025-06-19T12:56:33.311Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53039 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53039.

URL Resource
https://git.kernel.org/stable/c/0a594cb490ca6232671fc09e2dc1a0fc7ccbb0b5 cve-icon cve-icon
https://git.kernel.org/stable/c/8ae2f2b0a28416ed2f6d8478ac8b9f7862f36785 cve-icon cve-icon
https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836 cve-icon cve-icon
https://git.kernel.org/stable/c/d3ce3afd9f791dd1b7daedfcf8c396b60af5dec0 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050202-CVE-2023-53039-7efe@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53039 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53039 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact