CVE-2023-53392
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix kernel panic during warm reset During warm reset device->fw_client is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel panic will result in the function ishtp_cl_bus_match(). This is because of reference to device->fw_client->props.protocol_name. ISH firmware after getting successfully loaded, sends a warm reset notification to remove all clients from the bus and sets device->fw_client to NULL. Until kernel v5.15, all enabled ISHTP kernel module drivers were loaded right after any of the first ISHTP device was registered, regardless of whether it was a matched or an unmatched device. This resulted in all drivers getting registered much before the warm reset notification from ISH. Starting kernel v5.16, this issue got exposed after the change was introduced to load only bus drivers for the respective matching devices. In this scenario, cros_ec_ishtp device and cros_ec_ishtp driver are registered after the warm reset device fw_client NULL setting. cros_ec_ishtp driver_register() triggers the callback to ishtp_cl_bus_match() to match ISHTP driver to the device and causes kernel panic in guid_equal() when dereferencing fw_client NULL pointer to get protocol_name.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2026-03-17
Generated
2026-05-27
AI Q&A
2025-09-18
EPSS Evaluated
2026-05-25
NVD
CVE-2023-53392
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel 5.16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's intel-ish-hid driver during a warm reset. When the ISH firmware sends a warm reset notification, it sets device->fw_client to NULL to remove all clients from the bus. If a bus driver is registered after this NULL assignment but before new firmware clients are enumerated, the kernel function ishtp_cl_bus_match() tries to access device->fw_client->props.protocol_name, causing a NULL pointer dereference and resulting in a kernel panic. This issue became exposed starting with kernel version 5.16 due to changes in driver loading order.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to panic (crash) during a warm reset of the ISH device. A kernel panic leads to a system crash and reboot, causing potential downtime, loss of unsaved data, and disruption of services running on the affected system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart