PT-2025-18803 · Linux+6 · Linux Kernel+6

Published: 2023-02-27 · Updated: 2026-03-14 · CVE-2023-53039

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential use-after-free issue has been identified in the Linux kernel, specifically in the intel-ish-hid ipc component. This issue occurs when a reset notify IPC message is received, and the ISR schedules a work function, passing the ISHTP device via a global pointer. If the ish_probe() function fails, the device resources, including the ishtp_dev pointer, are freed, but the work is not cancelled, leading to a use-after-free when the work function attempts to access ishtp_dev. The issue is resolved by using devm_work_autocancel() to automatically cancel the work if the probe fails.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
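
The ordering problem in the description above, as an added userspace model in C. It is not the kernel driver's code and not part of this advisory; `dev_model`, `devm_add`, `release_dev`, `cancel_work`, `devres_release_all` and `probe_fails_after_reset_irq` are hypothetical stand-ins, and the "freed" device is only flagged, never actually released.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; these are not kernel types or kernel APIs. */
struct dev_model;
typedef void (*release_fn)(struct dev_model *);

struct dev_model {
    bool freed;            /* stands in for the devm-freed ishtp_dev */
    bool work_pending;     /* reset work queued by the ISR */
    release_fn actions[4]; /* devres-style release actions */
    size_t nactions;
};

static void devm_add(struct dev_model *d, release_fn fn) { d->actions[d->nactions++] = fn; }
static void release_dev(struct dev_model *d) { d->freed = true; }
static void cancel_work(struct dev_model *d) { d->work_pending = false; }

/* Managed resources are released in reverse order of registration. */
static void devres_release_all(struct dev_model *d)
{
    while (d->nactions)
        d->actions[--d->nactions](d);
}

/* Returns how many work runs touched a freed device (0 means safe). */
int probe_fails_after_reset_irq(bool autocancel)
{
    struct dev_model d = {0};
    int stale = 0;

    devm_add(&d, release_dev);       /* device resources are devm-managed */
    if (autocancel)
        devm_add(&d, cancel_work);   /* models devm_work_autocancel() */
    d.work_pending = true;           /* ISR sees reset notify, schedules work */
    devres_release_all(&d);          /* probe() fails, resources released */
    if (d.work_pending) {            /* workqueue runs the item later */
        d.work_pending = false;
        if (d.freed)
            stale++;                 /* the real driver would read freed memory here */
    }
    return stale;
}

int main(void)
{
    printf("without autocancel: %d stale access(es)\n", probe_fails_after_reset_irq(false));
    printf("with autocancel:    %d stale access(es)\n", probe_fails_after_reset_irq(true));
    return 0;
}
```

Because the cancel action is registered after the device allocation, it runs first on teardown, so the work is gone before the device memory is.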

Exploit

DoS

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2025-05366
CESA-2023_7077
CVE-2023-53039
OESA-2025-1648
OESA-2025-1649
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01982-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:01995-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01982-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
CentOS
Debian
Linux Kernel
Red Hat
RED OS
SUSE