CVE-2023-53459

Published: Oct 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work. Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself.

Vendor	Product	Versions
Linux	Linux	affected `960f9df7c620ecb6030aff1d9a6c3d67598b8290 - < 5dc297652dbc557eba7ca7d6a4c5f1940dffffb1` affected `960f9df7c620ecb6030aff1d9a6c3d67598b8290 - < 47e91fdfa511139f2549687edb0d8649b123227b`
Linux	Linux	affected `6.2` unaffected `0 - < 6.2` unaffected `6.2.1 - <= 6.2.` unaffected `6.3 - <= `

References

https://git.kernel.org/stable/c/5dc297652dbc557eba7ca7d6a4c5f1940dffffb1

https://git.kernel.org/stable/c/47e91fdfa511139f2549687edb0d8649b123227b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53459

Description

Affected Products

References