| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091502-CVE-2023-53253-c59c@gregkh> Date: Mon, 15 Sep 2025 16:46:28 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53253: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources associated with the input_dev, free-ing the name. The name would subsequently be used in a uevent fired at the end of unregistering the input_dev. The Linux kernel CVE team has assigned CVE-2023-53253 to this issue. Affected and fixed versions =========================== Issue introduced in 6.5 with commit 09308562d4afb1abc66366608fa1cb9de783272f and fixed in 6.5.3 with commit b85d3807e5ec368bfd5b20245347d7c1434aff76 Issue introduced in 6.5 with commit 09308562d4afb1abc66366608fa1cb9de783272f and fixed in 6.6 with commit 197d3143520fec9fde89aebabc9f0d7464f08e50 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53253 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hid/hid-nvidia-shield.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b85d3807e5ec368bfd5b20245347d7c1434aff76 https://git.kernel.org/stable/c/197d3143520fec9fde89aebabc9f0d7464f08e50
Powered by blists - more mailing lists