CVE-2023-53039

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-53039

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53039.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-53039

Downstream

BELL-CVE-2023-53039

DEBIAN-CVE-2023-53039

OESA-2025-1648

OESA-2025-1649

RHSA-2023:6583

RHSA-2023:7077

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:01982-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

UBUNTU-CVE-2023-53039

Related

Published

2025-05-02T16:15:23Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: ipc: Fix potential use-after-free in work function

When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtpdev. If ishprobe() fails, the devm-managed device resources including ishtpdev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtpdev. Use devmworkautocancel() instead, so that the work is automatically cancelled if probe fails.

References

Affected packages