{
  "threat_severity" : "Low",
  "public_date" : "2025-10-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: driver core: fix resource leak in device_add()",
    "id" : "2401494",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401494"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-771",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndriver core: fix resource leak in device_add()\nWhen calling kobject_add() failed in device_add(), it will call\ncleanup_glue_dir() to free resource. But in kobject_add(),\ndev->kobj.parent has been set to NULL. This will cause resource leak.\nThe process is as follows:\ndevice_add()\nget_device_parent()\nclass_dir_create_and_add()\nkobject_add()//kobject_get()\n...\ndev->kobj.parent = kobj;\n...\nkobject_add()//failed, but set dev->kobj.parent = NULL\n...\nglue_dir = get_glue_dir(dev)//glue_dir = NULL, and goto\n//\"Error\" label\n...\ncleanup_glue_dir()//because glue_dir is NULL, not call\n//kobject_put()\nThe preceding problem may cause insmod mac80211_hwsim.ko to fail.\nsysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'\nCall Trace:\n<TASK>\ndump_stack_lvl+0x8e/0xd1\nsysfs_warn_dup.cold+0x1c/0x29\nsysfs_create_dir_ns+0x224/0x280\nkobject_add_internal+0x2aa/0x880\nkobject_add+0x135/0x1a0\nget_device_parent+0x3d7/0x590\ndevice_add+0x2aa/0x1cb0\ndevice_create_groups_vargs+0x1eb/0x260\ndevice_create+0xdc/0x110\nmac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]\ninit_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]\ndo_one_initcall+0x10f/0x630\ndo_init_module+0x19f/0x5e0\nload_module+0x64b7/0x6eb0\n__do_sys_finit_module+0x140/0x200\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\n</TASK>\nkobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to\nregister things with the same name in the same directory.", "A reference leak was found in the Linux kernel's driver core device registration logic. When kobject_add fails partway through device_add, the error cleanup attempts to free resources but fails because kobject_add has already cleared the device's parent pointer. This prevents cleanup_glue_dir from finding and releasing the glue directory's reference, causing permanent resource leaks that accumulate with repeated failures and eventually lead to denial of service." ],
  "statement" : "The device_add function is the core device registration mechanism in Linux. It creates various sysfs structures, including \"glue directories\" that organize devices within the sysfs hierarchy. The flow looks like this: get_device_parent creates or finds a glue directory (incrementing its reference), sets dev->kobj.parent to point to it, then calls kobject_add to register the device kobject in sysfs. If kobject_add succeeds, everything's fine. But if it fails, it has a side effect: it sets dev->kobj.parent to NULL. The error cleanup then calls get_glue_dir to retrieve the glue directory so it can decrement the reference via cleanup_glue_dir. However, with dev->kobj.parent now NULL, get_glue_dir can't find the glue directory and returns NULL itself. cleanup_glue_dir checks for NULL and does nothing. The glue directory reference acquired earlier is never released.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53594\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53594\nhttps://lore.kernel.org/linux-cve-announce/2025100428-CVE-2023-53594-563f@gregkh/T" ],
  "name" : "CVE-2023-53594",
  "csaw" : false
}