CVE-2023-53253

HIGH

Linux Kernel 6.5-6.5.2 - Use-After-Free in HID NVIDIA Shield Input Device Name Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources associated with the input_dev, free-ing the name. The name would subsequently be used in a uevent fired at the end of unregistering the input_dev.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/b85d3807e5ec368bfd5b20245347d7c1434aff76

Patch

https://git.kernel.org/stable/c/197d3143520fec9fde89aebabc9f0d7464f08e50

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 3.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (7)

Linux/Linux < 6.5

Linux/Linux 09308562d4afb1abc66366608fa1cb9de783272f - 197d3143520fec9fde89aebabc9f0d7464f08e50

Linux/Linux 09308562d4afb1abc66366608fa1cb9de783272f - b85d3807e5ec368bfd5b20245347d7c1434aff76

Linux/Linux 6.5

Linux/Linux 6.5.3 - 6.5.*

Linux/Linux 6.6

linux/linux_kernel 6.5 - 6.5.3

Published Sep 15, 2025

Tracked Since Feb 18, 2026