CVE-2023-53253

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: nvidia-shield: Reference hid_device devm allocation of input_dev name

Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources associated with the input_dev, free-ing the name. The name would subsequently be used in a uevent fired at the end of unregistering the input_dev.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux09308562d4afb1abc66366608fa1cb9de783272f < b85d3807e5ec368bfd5b20245347d7c1434aff76affected
LinuxLinux09308562d4afb1abc66366608fa1cb9de783272f < 197d3143520fec9fde89aebabc9f0d7464f08e50affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.5.3 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References