LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53392: HID: intel-ish-hid: Fix kernel panic during warm reset

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix kernel panic during warm reset During warm reset device->fw_client is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel panic will result in the function ishtp_cl_bus_match(). This is because of reference to device->fw_client->props.protocol_name. ISH firmware after getting successfully loaded, sends a warm reset notification to remove all clients from the bus and sets device->fw_client to NULL. Until kernel v5.15, all enabled ISHTP kernel module drivers were loaded right after any of the first ISHTP device was registered, regardless of whether it was a matched or an unmatched device. This resulted in all drivers getting registered much before the warm reset notification from ISH. Starting kernel v5.16, this issue got exposed after the change was introduced to load only bus drivers for the respective matching devices. In this scenario, cros_ec_ishtp device and cros_ec_ishtp driver are registered after the warm reset device fw_client NULL setting. cros_ec_ishtp driver_register() triggers the callback to ishtp_cl_bus_match() to match ISHTP driver to the device and causes kernel panic in guid_equal() when dereferencing fw_client NULL pointer to get protocol_name.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-53392 is a Linux kernel availability bug. On systems using Intel ISH HID/ISHTP paths, a warm reset can leave firmware client data unset while a driver is matching, causing a NULL pointer dereference and kernel panic.

Executive priority

Treat this as a targeted stability risk rather than an emergency compromise event. Patch during normal kernel maintenance, with higher priority for laptops, embedded systems, or managed fleets that rely on Intel ISH-related functionality.

Technical view

The bug is in intel-ish-hid ISHTP bus matching. During warm reset, device->fw_client becomes NULL before new firmware clients are enumerated. A later driver registration can call ishtp_cl_bus_match(), dereference fw_client->props.protocol_name, and panic the kernel.

Likely exposure

Exposure appears limited to Linux systems with affected kernel versions and Intel ISH/ISHTP-related devices or drivers, especially cros_ec_ishtp timing during warm reset. The source lists Linux 5.16 through versions around 6.3 as affected, but exact distro mapping requires vendor guidance.

Exploitation context

The sources do not show active exploitation, and KEV is false. The described trigger is a warm-reset timing condition in kernel driver registration, indicating primarily local hardware or lifecycle-driven denial-of-service risk, not proven remote compromise.

Researcher notes

Evidence is strong for root cause and affected subsystem, but incomplete for CVSS, exploitability, and distro fixed-version mapping. Avoid broad claims beyond kernel panic availability impact unless vendor advisories add more context.

Mitigation direction

  • Check Linux distribution advisories for CVE-2023-53392 coverage.
  • Update to a vendor kernel containing the referenced stable fixes.
  • Prioritize systems with Intel ISH, ISHTP, or cros_ec_ishtp enabled.
  • Avoid unsupported kernel builds where fix inclusion is unclear.
  • Test kernel updates on representative hardware before broad deployment.

Validation and detection

  • Inventory kernel versions across Linux fleets.
  • Identify hosts loading intel-ish-hid, ISHTP, or cros_ec_ishtp drivers.
  • Confirm patched kernels include the referenced stable commits.
  • Review logs for kernel panics during warm reset cycles.
  • Validate reboot and warm-reset behavior in staging hardware.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53392 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux44e2a58cb8803e3e40eaf5708c4d15b4118913c4, 44e2a58cb8803e3e40eaf5708c4d15b4118913c4, 44e2a58cb8803e3e40eaf5708c4d15b4118913c4unaffected
LinuxLinux5.16, 0, 6.1.25, 6.2.12, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.