Unrated severityNVD Advisory· Published Oct 1, 2025

HID: mcp-2221: prevent UAF in delayed work

CVE-2023-53459

Description

In the Linux kernel, the following vulnerability has been resolved:

If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work.

Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself.

Affected products

Linux/Kernelllm-fuzzy
Linux/Linuxv5
Range: 6.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/47e91fdfa511139f2549687edb0d8649b123227bmitre
git.kernel.org/stable/c/5dc297652dbc557eba7ca7d6a4c5f1940dffffb1mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000