CVE-2023-53759Missing Synchronization in Linux

CWE-820Missing Synchronization6 documents5 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 90.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increments the hidraw device reference counter. The counter has no dedicated synchronization mechanism, resulting in a potential data race when concurrently opening a device. The race is a regression introduced by commit 8590222e4b02 ("HID: hidraw: Replace hidraw device table mutex with a rwsem"). While minors_rwsem is intended to protect the hidraw_tabl

Affected Packages4 packages

Linuxlinux/linux_kernel5.17.06.1.37+2
Debianlinux/linux_kernel< 6.1.37-1+2
CVEListV5linux/linux8590222e4b021054a7167a4dd35b152a8ed7018e879e79c3aead41b8aa2e91164354b30bd1c4ef3b+4
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
HID: hidraw: fix data race on device refcount2025-12-08
GHSA
GHSA-hgww-pjhr-mwxr: In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increme2025-12-08
OSV
CVE-2023-53759: In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount The hidraw_open() function increment2025-12-08

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: High impact due to data race in hidraw_open() during concurrent device opening2025-12-08
Debian
CVE-2023-53759: linux - In the Linux kernel, the following vulnerability has been resolved: HID: hidraw...2023