Unrated severity · NVD Advisory · Published Dec 8, 2025 · Updated Apr 15, 2026

CVE-2023-53759

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: hidraw: fix data race on device refcount

The hidraw_open() function increments the hidraw device reference counter. The counter has no dedicated synchronization mechanism, resulting in a potential data race when concurrently opening a device.

The race is a regression introduced by commit 8590222e4b02 ("HID: hidraw: Replace hidraw device table mutex with a rwsem"). While minors_rwsem is intended to protect the hidraw_table itself, by instead acquiring the lock for writing, the reference counter is also protected. This is symmetrical to hidraw_release().
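The locking pattern described above, modeled in userspace as an added example (not kernel code and not part of the advisory): a pthread rwlock stands in for minors_rwsem and a plain int for the device open counter, and `model_dev`, `model_open` and `run_opens` are hypothetical names. Under the shared (read) lock concurrent openers can interleave the increment and lose updates; under the exclusive (write) lock the final count is always exact.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#define THREADS 8
#define OPENS_PER_THREAD 50000

/* Constructed userspace model of the pattern, not the hidraw driver. */
struct model_dev {
    pthread_rwlock_t table_lock; /* stand-in for minors_rwsem */
    int open;                    /* plain, non-atomic reference counter */
};
struct worker_arg { struct model_dev *dev; int exclusive; };

/* Model of the open path: take the table lock, then bump the counter. */
static void model_open(struct model_dev *dev, int exclusive)
{
    if (exclusive)
        pthread_rwlock_wrlock(&dev->table_lock); /* fixed: single holder */
    else
        pthread_rwlock_rdlock(&dev->table_lock); /* racy: readers overlap */
    dev->open++; /* read-modify-write, serialized only under the write lock */
    pthread_rwlock_unlock(&dev->table_lock);
}

static void *worker(void *p)
{
    struct worker_arg *a = p;
    for (int i = 0; i < OPENS_PER_THREAD; i++)
        model_open(a->dev, a->exclusive);
    return NULL;
}

/* Run THREADS concurrent openers and return the final counter value. */
int run_opens(int exclusive)
{
    struct model_dev dev = { .open = 0 };
    struct worker_arg arg = { &dev, exclusive };
    pthread_t t[THREADS];
    pthread_rwlock_init(&dev.table_lock, NULL);
    for (int i = 0; i < THREADS; i++)
        pthread_create(&t[i], NULL, worker, &arg);
    for (int i = 0; i < THREADS; i++)
        pthread_join(t[i], NULL);
    pthread_rwlock_destroy(&dev.table_lock);
    return dev.open;
}

int main(void)
{
    printf("expected %d, write-locked %d, read-locked %d\n",
           THREADS * OPENS_PER_THREAD, run_opens(1), run_opens(0));
    return 0;
}
```

The read-locked total varies from run to run and is often below the expected value on a multi-core machine; the write-locked total never is.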

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Data race in hidraw_open() due to missing refcount synchronization allows concurrent opens to corrupt device refcount, leading to use-after-free.

Vulnerability

In the Linux kernel, the hidraw_open() function increments the hidraw device reference counter without proper synchronization, resulting in a data race when multiple processes concurrently open a hidraw device. The race was introduced by commit 8590222e4b02, which replaced a mutex with a rwsem but failed to protect the refcount. [1]

Exploitation

An unprivileged local attacker can exploit this race by opening the same hidraw device multiple times simultaneously, causing the refcount to be incremented incorrectly. This can lead to the device being freed while still in use (use-after-free). [1]

Impact

Successful exploitation could result in a use-after-free condition, potentially allowing an attacker to gain elevated privileges or cause a denial of service. The vulnerability is local and requires access to a hidraw device. [1]

Mitigation

The fix is included in Linux kernel stable releases. Commit 879e79c3aead addresses the race by acquiring the rwsem for writing in hidraw_open(), mirroring the protection in hidraw_release(). Users should update their kernel to a patched version. [1]

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
