ghsa-g3j7-2pwv-3vm5
Vulnerability from github
Published
2025-10-01 12:30
Modified
2025-10-01 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: Correct devm device reference for hidinput input_dev name

Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management.

Use devm_kasprintf to simplify the logic for allocating memory and formatting the input_dev name string.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53454"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:43Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Correct devm device reference for hidinput input_dev name\n\nReference the HID device rather than the input device for the devm\nallocation of the input_dev name. Referencing the input_dev would lead to a\nuse-after-free when the input_dev was unregistered and subsequently fires a\nuevent that depends on the name. At the point of firing the uevent, the\nname would be freed by devres management.\n\nUse devm_kasprintf to simplify the logic for allocating memory and\nformatting the input_dev name string.",
  "id": "GHSA-g3j7-2pwv-3vm5",
  "modified": "2025-10-01T12:30:29Z",
  "published": "2025-10-01T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53454"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15ec7cb55e7d88755aa01d44a7a1015a42bfce86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d7833db9fd118415dace2ca157bfa603dec9c8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2763732ec1e68910719c75b6b896e11b6d3d622b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39c70c19456e50dcb3abfe53539220dff0490f1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4794394635293a3e74591351fff469cea7ad15a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac0d389402a6ff9ad92cea02c2d8c711483b91ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b70ac7849248ec8128fa12f86e3655ba38838f29"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dde88ab4e45beb60b217026207aa9c14c88d71ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df7ca43fe090e1a56c216c8ebc106ef5fd49afc6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.