Home

Description

In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221: prevent UAF in delayed work If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work. Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself.

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status
unaffected

960f9df7c620ecb6030aff1d9a6c3d67598b8290 before 5dc297652dbc557eba7ca7d6a4c5f1940dffffb1
affected

960f9df7c620ecb6030aff1d9a6c3d67598b8290 before 47e91fdfa511139f2549687edb0d8649b123227b
affected

Default status
affected

6.2
affected

Any version before 6.2
unaffected

6.2.1
unaffected

6.3
unaffected

References

git.kernel.org/...c/5dc297652dbc557eba7ca7d6a4c5f1940dffffb1

git.kernel.org/...c/47e91fdfa511139f2549687edb0d8649b123227b

cve.org (CVE-2023-53459)

nvd.nist.gov (CVE-2023-53459)

Download JSON