Input Device Vulnerability in Linux Kernel Affecting NVIDIA Shield

CVE-2023-53253

What is CVE-2023-53253?

A vulnerability in the Linux kernel related to input device handling has been identified in the NVIDIA Shield. This issue arises from improper management of memory allocation for input device names, specifically utilizing hid_device during the devm allocation process. If an input device is unregistered, it may trigger resource cleanup which frees the name associated with the input device. Subsequently, this freed name could be referenced in a user event, leading to potential exploitation through a use-after-free scenario. Remediation has been implemented in recent updates, emphasizing the importance of keeping systems up-to-date to mitigate the associated risks.

References