Data Race Vulnerability in Linux Kernel's HID Raw Device Management
CVE-2023-53759
What is CVE-2023-53759?
A data race vulnerability exists in the Linux kernel's HID subsystem due to an improper synchronization mechanism in the hidraw_open() function. When multiple processes attempt to open a HID raw device concurrently, the reference counter may be modified unpredictably, leading to inconsistent state and potential system instability. This issue arose from a recent code change that replaced the existing mutex with a read-write semaphore, failing to secure the increment operation appropriately during concurrent access. Corrective measures are recommended to ensure thread safety when interacting with HID raw devices, thus fortifying the robustness of the Linux kernel.
Affected Version(s)
Linux 8590222e4b021054a7167a4dd35b152a8ed7018e < 879e79c3aead41b8aa2e91164354b30bd1c4ef3b
Linux 8590222e4b021054a7167a4dd35b152a8ed7018e
Linux 8590222e4b021054a7167a4dd35b152a8ed7018e < 05b47034e2488c2924e5c032e20a1979d012b5b5