PT-2025-38371 · Linux+3 · Linux Kernel+3

Published: 2023-11-07 · Updated: 2025-09-29 · CVE-2023-53392

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.16

Description
The Linux kernel contained a flaw where a kernel panic could occur during a warm reset. This occurred because device->fw_client was set to NULL during a warm reset. If a bus driver was registered after this pointer was set to NULL and before new firmware clients were enumerated, a kernel panic occurred in the ishtp_cl_bus_match() function due to a reference to device->fw_client->props.protocol_name. The issue was exposed after a change in kernel version 5.16 that loaded bus drivers only for matching devices, specifically with the cros_ec_ishtp device and driver.

Recommendations
Update to kernel version 5.16 or later to resolve this issue.
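
The window described above, replayed in a user-space C model with a guarded match callback. This is an added example, not the kernel's code or the upstream patch: apart from fw_client and props.protocol_name, the struct and function names are hypothetical stand-ins, and the GUID is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-space stand-ins (assumption), not the kernel's definitions. */
struct guid { unsigned char b[16]; };
struct fw_client { struct { struct guid protocol_name; } props; };
struct cl_device { struct fw_client *fw_client; };
struct cl_driver { struct guid id; };

/* Constructed sample GUID for the demo. */
static const struct guid SAMPLE_GUID = {{0x7b, 0x7e, 0xa4, 0xe1}};

/* Warm reset: the firmware client pointer is cleared before re-enumeration. */
static void warm_reset(struct cl_device *dev) { dev->fw_client = NULL; }

/* Re-enumeration attaches a firmware client again. */
static void enumerate(struct cl_device *dev, struct fw_client *fc) { dev->fw_client = fc; }

/* Guarded match: a device with no firmware client matches no driver. */
static int bus_match_guarded(const struct cl_device *dev, const struct cl_driver *drv)
{
    const struct fw_client *fc = dev->fw_client;   /* read the pointer once */
    if (!fc)
        return 0;   /* reset window: an unguarded dereference would fault here */
    return memcmp(&drv->id, &fc->props.protocol_name, sizeof(struct guid)) == 0;
}

/* Replays the sequence from the description; returns the three results as bits. */
static int replay_sequence(void)
{
    struct fw_client fc = { { SAMPLE_GUID } };
    struct cl_device dev = { &fc };
    struct cl_driver drv = { SAMPLE_GUID };
    int before, during, after;

    before = bus_match_guarded(&dev, &drv);
    warm_reset(&dev);
    during = bus_match_guarded(&dev, &drv);   /* driver registered inside the window */
    enumerate(&dev, &fc);
    after = bus_match_guarded(&dev, &drv);
    return (before << 2) | (during << 1) | after;
}

int main(void)
{
    printf("match bits (before, during, after) = %d\n", replay_sequence());
    return 0;
}
```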

Exploit

Fix

Exposure of Resource to Wrong Sphere

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-06024
CESA-2024_3138
CVE-2023-53392
RHSA-2023:6583
RHSA-2023_6583
RHSA-2024:3138
RHSA-2024_3138

Affected Products

Astra Linux
Centos
Linux Kernel
Red Hat