LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53012: thermal: core: call put_device() only after device_register() fails

In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to device_register(). __thermal_cooling_device_register() doesn't follow that properly and needs fixing. Also thermal_cooling_device_destroy_sysfs() is getting called unnecessarily on few error paths. Fix all this by placing the calls at the right place. Based on initial work done by Caleb Connolly.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel bug in the cleanup path for thermal cooling devices. The public record says the kernel could call cleanup in the wrong order during failed registration. Business risk is hard to rate because impact and exploitability are not stated.

Executive priority

Treat this as a kernel maintenance item with unclear business urgency. It should not override actively exploited vulnerabilities, but Linux kernel fleets should receive normal vendor updates and exposure tracking because kernel cleanup bugs can have operational impact.

Technical view

The issue is in Linux thermal core __thermal_cooling_device_register(). put_device() could be called before successful device_register(), and sysfs cleanup ran on unnecessary error paths. The fix moves cleanup calls to the correct failure paths. No CVSS, CWE, privilege impact, or trigger requirements are provided.

Likely exposure

Linux hosts, appliances, or embedded devices running affected kernel revisions that include the vulnerable thermal core code. Exposure is most relevant where thermal cooling device registration can fail. The sources do not map this to specific distributions or packaged kernel versions.

Exploitation context

CISA KEV is false, and no cited source states active exploitation or public exploit availability. The source bundle does not provide attacker prerequisites, trigger details, or practical impact, so exploitation likelihood cannot be judged from the available evidence.

Researcher notes

The public record is sparse: it documents incorrect device lifecycle ordering and unnecessary sysfs cleanup calls, but not the resulting failure mode. Analysis should focus on kernel version lineage, backports, and vendor advisories rather than speculative exploitation claims.

Mitigation direction

  • Track Linux vendor advisories for kernels containing this thermal core fix.
  • Apply validated kernel updates that include the referenced stable commits.
  • Prioritize systems using custom or older Linux kernels with thermal subsystem changes.
  • Avoid assuming distribution package exposure without vendor mapping.
  • Keep normal kernel rollback plans for update testing.

Validation and detection

  • Inventory Linux kernel versions and vendor package advisory status.
  • Check whether deployed source or changelog includes the referenced stable commits.
  • Confirm affected systems use kernel builds containing the thermal core code path.
  • Review vendor security notices for backport identifiers and fixed package versions.
  • Record uncertainty where impact, CVSS, or exploitability are not published.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53012 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux108a6f91e2766a6d9142b1f2d90c07ac547eae7e, 80bb3b901abe6560620505e5c734d140c4f73a07, c408b3d1d9bbc7de5fb0304fea424ef2539da616, 5139cbc0c6e4bf2fcffc9a7ed4350bf6985bc561, c4c435d3637b5d0abaa6447c7366c3674364968a, e0d8b51bbe84d6a98c162e06344de2d773d9e722, 6.0.16unaffected
LinuxLinuxSee advisoryunaffected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.