CVE-2023-53594: driver core: fix resource leak in device_add()
In the Linux kernel, the following vulnerability has been resolved:
driver core: fix resource leak in device_add()
When calling kobject_add() failed in device_add(), it will call
cleanup_glue_dir() to free resource. But in kobject_add(),
dev->kobj.parent has been set to NULL. This will cause resource leak.
The process is as follows:
device_add()
get_device_parent()
class_dir_create_and_add()
kobject_add() //kobject_get()
...
dev->kobj.parent = kobj;
...
kobject_add() //failed, but set dev->kobj.parent = NULL
...
glue_dir = get_glue_dir(dev) //glue_dir = NULL, and goto
//"Error" label
...
cleanup_glue_dir() //becaues glue_dir is NULL, not call
//kobject_put()
The preceding problem may cause insmod mac80211_hwsim.ko to failed.
sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim'
Call Trace:
<TASK>
dump_stack_lvl+0x8e/0xd1
sysfs_warn_dup.cold+0x1c/0x29
sysfs_create_dir_ns+0x224/0x280
kobject_add_internal+0x2aa/0x880
kobject_add+0x135/0x1a0
get_device_parent+0x3d7/0x590
device_add+0x2aa/0x1cb0
device_create_groups_vargs+0x1eb/0x260
device_create+0xdc/0x110
mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]
init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]
do_one_initcall+0x10f/0x630
do_init_module+0x19f/0x5e0
load_module+0x64b7/0x6eb0
__do_sys_finit_module+0x140/0x200
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to
register things with the same name in the same directory.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue is a resource leak in device registration error handling. When a device add operation fails, cleanup can miss a reference, which may leave stale sysfs state and cause later device or module registration failures. The provided sources do not show remote compromise, privilege escalation, or active exploitation.
Executive priority
Treat this as a patch-management item unless vendor guidance raises severity. The available evidence points to reliability and resource-cleanup risk, not confirmed active exploitation. Prioritize exposed Linux fleets with custom kernels, lab wireless simulation, or local module-loading workflows.
Technical view
In device_add(), a failed kobject_add() can clear dev->kobj.parent before cleanup_glue_dir() runs. get_glue_dir(dev) then returns NULL, so cleanup skips kobject_put() for the glue directory. The example impact is mac80211_hwsim module insertion failing with a duplicate sysfs filename under /devices/virtual/mac80211_hwsim.
Likely exposure
Exposure is limited to Linux systems running kernel versions identified as affected in the CVE record. Distribution kernels need vendor mapping because downstream backports may differ from upstream version numbers. Systems using module loading or frequent virtual device creation are the most relevant operational review targets.
Exploitation context
The source bundle marks KEV as false and provides no evidence of active exploitation. The described behavior is a kernel resource leak and registration failure path, demonstrated through mac80211_hwsim module load failure. No exploit primitives, attacker requirements, or security impact rating are provided.
Researcher notes
Key uncertainty is impact severity: the CVE record has no CVSS, CWE, or exploitability detail. Analysis should focus on the failed kobject_add() path, glue_dir reference handling, and whether downstream kernels include the stable commits despite affected-looking version numbers.
Mitigation direction
Check Linux distribution advisories for CVE-2023-53594 package status.
Update to a vendor kernel containing the referenced upstream stable fix.
Prioritize systems allowing local module loading or virtual device creation.
Track unsupported or custom kernels separately from distribution-managed kernels.
Avoid assuming upstream version strings prove exposure without backport review.
Validation and detection
Inventory running kernel versions and distribution package release metadata.
Verify whether the kernel package includes one of the referenced stable commits.
Review system logs for sysfs duplicate filename or mac80211_hwsim registration failures.
Confirm affected custom kernels have the driver core fix applied.
Document any systems deferred pending vendor guidance.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53594 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
5Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 4, 2025, 15:44 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.