CVE-2023-53392: HID: intel-ish-hid: Fix kernel panic during warm reset
In the Linux kernel, the following vulnerability has been resolved:
HID: intel-ish-hid: Fix kernel panic during warm reset
During warm reset device->fw_client is set to NULL. If a bus driver is
registered after this NULL setting and before new firmware clients are
enumerated by ISHTP, kernel panic will result in the function
ishtp_cl_bus_match(). This is because of reference to
device->fw_client->props.protocol_name.
ISH firmware after getting successfully loaded, sends a warm reset
notification to remove all clients from the bus and sets
device->fw_client to NULL. Until kernel v5.15, all enabled ISHTP kernel
module drivers were loaded right after any of the first ISHTP device was
registered, regardless of whether it was a matched or an unmatched
device. This resulted in all drivers getting registered much before the
warm reset notification from ISH.
Starting kernel v5.16, this issue got exposed after the change was
introduced to load only bus drivers for the respective matching devices.
In this scenario, cros_ec_ishtp device and cros_ec_ishtp driver are
registered after the warm reset device fw_client NULL setting.
cros_ec_ishtp driver_register() triggers the callback to
ishtp_cl_bus_match() to match ISHTP driver to the device and causes kernel
panic in guid_equal() when dereferencing fw_client NULL pointer to get
protocol_name.
Security readout for executives and security teams
Plain-English summary
CVE-2023-53392 is a Linux kernel availability bug. On systems using Intel ISH HID/ISHTP paths, a warm reset can leave firmware client data unset while a driver is matching, causing a NULL pointer dereference and kernel panic.
Executive priority
Treat this as a targeted stability risk rather than an emergency compromise event. Patch during normal kernel maintenance, with higher priority for laptops, embedded systems, or managed fleets that rely on Intel ISH-related functionality.
Technical view
The bug is in intel-ish-hid ISHTP bus matching. During warm reset, device->fw_client becomes NULL before new firmware clients are enumerated. A later driver registration can call ishtp_cl_bus_match(), dereference fw_client->props.protocol_name, and panic the kernel.
Likely exposure
Exposure appears limited to Linux systems with affected kernel versions and Intel ISH/ISHTP-related devices or drivers, especially cros_ec_ishtp timing during warm reset. The source lists Linux 5.16 through versions around 6.3 as affected, but exact distro mapping requires vendor guidance.
Exploitation context
The sources do not show active exploitation, and KEV is false. The described trigger is a warm-reset timing condition in kernel driver registration, indicating primarily local hardware or lifecycle-driven denial-of-service risk, not proven remote compromise.
Researcher notes
Evidence is strong for root cause and affected subsystem, but incomplete for CVSS, exploitability, and distro fixed-version mapping. Avoid broad claims beyond kernel panic availability impact unless vendor advisories add more context.
Mitigation direction
Check Linux distribution advisories for CVE-2023-53392 coverage.
Update to a vendor kernel containing the referenced stable fixes.
Prioritize systems with Intel ISH, ISHTP, or cros_ec_ishtp enabled.
Avoid unsupported kernel builds where fix inclusion is unclear.
Test kernel updates on representative hardware before broad deployment.
Validation and detection
Inventory kernel versions across Linux fleets.
Identify hosts loading intel-ish-hid, ISHTP, or cros_ec_ishtp drivers.
Confirm patched kernels include the referenced stable commits.
Review logs for kernel panics during warm reset cycles.
Validate reboot and warm-reset behavior in staging hardware.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53392 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Sep 18, 2025, 13:33 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.