CVE-2023-53594
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-03-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

driver core: fix resource leak in device_add()

When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak.

The process is as follows:

    device_add()
        get_device_parent()
            class_dir_create_and_add()
                kobject_add()            //kobject_get()
        ...
        dev->kobj.parent = kobj;
        ...
        kobject_add()                    //failed, but set dev->kobj.parent = NULL
        ...
        glue_dir = get_glue_dir(dev)     //glue_dir = NULL, and goto
                                         //"Error" label
        ...
        cleanup_glue_dir()               //because glue_dir is NULL, not call
                                         //kobject_put()

The preceding problem may cause insmod mac80211_hwsim.ko to fail.

    sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'
    Call Trace:
    <TASK>
    dump_stack_lvl+0x8e/0xd1
    sysfs_warn_dup.cold+0x1c/0x29
    sysfs_create_dir_ns+0x224/0x280
    kobject_add_internal+0x2aa/0x880
    kobject_add+0x135/0x1a0
    get_device_parent+0x3d7/0x590
    device_add+0x2aa/0x1cb0
    device_create_groups_vargs+0x1eb/0x260
    device_create+0xdc/0x110
    mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]
    init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]
    do_one_initcall+0x10f/0x630
    do_init_module+0x19f/0x5e0
    load_module+0x64b7/0x6eb0
    __do_sys_finit_module+0x140/0x200
    do_syscall_64+0x35/0x80
    entry_SYSCALL_64_after_hwframe+0x46/0xb0
    </TASK>
    kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to register things with the same name in the same directory.

Meta Information

Published: 2025-10-04
Last Modified: 2026-03-21
Generated: 2026-05-07
AI Q&A: 2025-10-04
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 6 associated CPEs

Vendor | Product      | Version / Range
linux  | linux_kernel | From 5.16 (inc) to 6.1.16 (exc)
linux  | linux_kernel | From 6.2 (inc) to 6.2.3 (exc)
linux  | linux_kernel | From 3.12.70 (inc) to 3.13 (exc)
linux  | linux_kernel | From 3.10.105 (inc) to 3.11 (exc)
linux  | linux_kernel | From 4.4.40 (inc) to 4.5 (exc)
linux  | linux_kernel | From 4.8.16 (inc) to 5.15.99 (exc)

CWE

CWE ID: CWE-401
Description: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a resource leak in the Linux kernel's device_add() function. When kobject_add() fails inside device_add(), device_add() calls cleanup_glue_dir() to free resources. However, the failed kobject_add() has already set dev->kobj.parent to NULL, so get_glue_dir(dev) returns NULL and cleanup_glue_dir() does not call kobject_put(), causing a resource leak. This can lead to failures such as insmod mac80211_hwsim.ko failing because sysfs is asked to create a duplicate filename.


How can this vulnerability impact me?

This vulnerability can cause resource leaks in the Linux kernel, potentially leading to failures when loading kernel modules, such as the mac80211_hwsim module failing to load due to duplicate sysfs filenames. This may affect system stability or functionality related to device management.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing error messages related to kobject_add_internal failures, specifically errors indicating duplicate filenames such as '/devices/virtual/mac80211_hwsim'. Checking kernel logs (e.g., using 'dmesg' or 'journalctl -k') for messages containing 'kobject_add_internal failed' or 'sysfs: cannot create duplicate filename' can help identify the issue. For example, running 'dmesg | grep kobject_add_internal' or 'journalctl -k | grep mac80211_hwsim' may reveal relevant errors.
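
A small triage helper for the log check described above, combined with the version ranges from the CPE table on this page. It is an added example, not code from the kernel project or from this advisory; the function names are hypothetical and it assumes a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added triage example; ranges copied from this page's CPE table
# ("start end" per line: start inclusive, end exclusive).
AFFECTED_RANGES='3.10.105 3.11
3.12.70 3.13
4.4.40 4.5
4.8.16 5.15.99
5.16 6.1.16
6.2 6.2.3'

# ver_lt A B: true when A sorts strictly before B (needs sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_affected_range RELEASE: true when the numeric prefix of a `uname -r` string is in a listed range.
in_affected_range() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')  # 6.1.15-amd64 -> 6.1.15
    [ -n "$v" ] || return 1
    while read -r lo hi; do
        if ! ver_lt "$v" "$lo" && ver_lt "$v" "$hi"; then return 0; fi
    done <<EOF
$AFFECTED_RANGES
EOF
    return 1
}

# dup_sysfs_names: kernel log on stdin -> names that hit -EEXIST.
dup_sysfs_names() {
    sed -n 's/.*kobject_add_internal failed for \([^ ]*\) with -EEXIST.*/\1/p' |
        sort -u | paste -s -d ' ' -
}

# triage RELEASE: kernel log on stdin -> one-line verdict.
triage() {
    names=$(dup_sysfs_names)
    if [ -z "$names" ]; then echo "no-symptom"
    elif in_affected_range "$1"; then echo "symptom+affected-range: $names"
    else echo "symptom-only: $names"
    fi
}

# Constructed sample: the two messages quoted in the description.
SAMPLE_LOG="sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'
kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to register things with the same name in the same directory."

printf '%s\n' "$SAMPLE_LOG" | triage "6.1.15-amd64"
# Live use: journalctl -k | triage "$(uname -r)"
```

The -EEXIST message also appears when a driver genuinely registers the same name twice, and distribution kernels often backport fixes without changing the upstream version number, so treat both signals as a prompt to check the vendor's changelog rather than as proof.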


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves avoiding loading or inserting the mac80211_hwsim kernel module until the vulnerability is fixed, as the issue occurs during insmod of mac80211_hwsim. Monitoring for kernel updates or patches that fix the resource leak in device_add() and applying them promptly is recommended. Additionally, avoid registering devices with duplicate names in sysfs to prevent triggering the bug.

