CVE-2023-53459

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the mcp-2221 driver within the Linux kernel. The issue occurs when a device is plugged or unplugged without allowing the mcp init work() function to complete, potentially leading to the use of an unavailable struct mcp 2221 within a delayed work item. This can happen when the device is removed while the initialization work is still in progress, triggering the device memory free path.

Recommendations Cancel the delayed work item to prevent it from being requeued, resolving the use-after-free condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.