USB Device Driver Impacts in Linux Kernel
CVE-2023-53523

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2023-53523?

A vulnerability in the Linux kernel's gs_usb device driver occurs when the driver is unloaded before the interface is shut down. This leads to a race condition where a NULL pointer dereference can happen due to improper handling of cycle counter initialization. When the gs_usb_disconnect function is executed, it kills all pending bulk URBs, but a queued CAN frame can still be received, causing issues during device reset due to uninitialized timestamps. A fix is required to reorder the initialization of the cycle counter to prevent potential NULL pointer dereference and ensure stable CAN channel operation across multi-channel devices.

Affected Version(s)

Linux 45dfa45f52e66f8eee30a64b16550a9c47915044 < 210a8cffc9c1b044281c0a868485c870c9c11374

Linux 45dfa45f52e66f8eee30a64b16550a9c47915044 < 5886e4d5ecec3e22844efed90b2dd383ef804b3a

Linux 6.1

References

https://git.kernel.org/stable/c/210a8cffc9c1b044281c0a868...

https://git.kernel.org/stable/c/5886e4d5ecec3e22844efed90...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Oct 1, 2025

JSON