VYPR
Unrated severityNVD Advisory· Published Oct 1, 2025

HID: mcp-2221: prevent UAF in delayed work

CVE-2023-53459

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: mcp-2221: prevent UAF in delayed work

If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work.

Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.