LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53594: driver core: fix resource leak in device_add()

In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak. The process is as follows: device_add() get_device_parent() class_dir_create_and_add() kobject_add() //kobject_get() ... dev->kobj.parent = kobj; ... kobject_add() //failed, but set dev->kobj.parent = NULL ... glue_dir = get_glue_dir(dev) //glue_dir = NULL, and goto //"Error" label ... cleanup_glue_dir() //becaues glue_dir is NULL, not call //kobject_put() The preceding problem may cause insmod mac80211_hwsim.ko to failed. sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim' Call Trace: <TASK> dump_stack_lvl+0x8e/0xd1 sysfs_warn_dup.cold+0x1c/0x29 sysfs_create_dir_ns+0x224/0x280 kobject_add_internal+0x2aa/0x880 kobject_add+0x135/0x1a0 get_device_parent+0x3d7/0x590 device_add+0x2aa/0x1cb0 device_create_groups_vargs+0x1eb/0x260 device_create+0xdc/0x110 mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim] init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim] do_one_initcall+0x10f/0x630 do_init_module+0x19f/0x5e0 load_module+0x64b7/0x6eb0 __do_sys_finit_module+0x140/0x200 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to register things with the same name in the same directory.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue is a resource leak in device registration error handling. When a device add operation fails, cleanup can miss a reference, which may leave stale sysfs state and cause later device or module registration failures. The provided sources do not show remote compromise, privilege escalation, or active exploitation.

Executive priority

Treat this as a patch-management item unless vendor guidance raises severity. The available evidence points to reliability and resource-cleanup risk, not confirmed active exploitation. Prioritize exposed Linux fleets with custom kernels, lab wireless simulation, or local module-loading workflows.

Technical view

In device_add(), a failed kobject_add() can clear dev->kobj.parent before cleanup_glue_dir() runs. get_glue_dir(dev) then returns NULL, so cleanup skips kobject_put() for the glue directory. The example impact is mac80211_hwsim module insertion failing with a duplicate sysfs filename under /devices/virtual/mac80211_hwsim.

Likely exposure

Exposure is limited to Linux systems running kernel versions identified as affected in the CVE record. Distribution kernels need vendor mapping because downstream backports may differ from upstream version numbers. Systems using module loading or frequent virtual device creation are the most relevant operational review targets.

Exploitation context

The source bundle marks KEV as false and provides no evidence of active exploitation. The described behavior is a kernel resource leak and registration failure path, demonstrated through mac80211_hwsim module load failure. No exploit primitives, attacker requirements, or security impact rating are provided.

Researcher notes

Key uncertainty is impact severity: the CVE record has no CVSS, CWE, or exploitability detail. Analysis should focus on the failed kobject_add() path, glue_dir reference handling, and whether downstream kernels include the stable commits despite affected-looking version numbers.

Mitigation direction

  • Check Linux distribution advisories for CVE-2023-53594 package status.
  • Update to a vendor kernel containing the referenced upstream stable fix.
  • Prioritize systems allowing local module loading or virtual device creation.
  • Track unsupported or custom kernels separately from distribution-managed kernels.
  • Avoid assuming upstream version strings prove exposure without backport review.

Validation and detection

  • Inventory running kernel versions and distribution package release metadata.
  • Verify whether the kernel package includes one of the referenced stable commits.
  • Review system logs for sysfs duplicate filename or mac80211_hwsim registration failures.
  • Confirm affected custom kernels have the driver core fix applied.
  • Document any systems deferred pending vendor guidance.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53594 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
5Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxcebf8fd16900fdfd58c0028617944f808f97fe50, cebf8fd16900fdfd58c0028617944f808f97fe50, cebf8fd16900fdfd58c0028617944f808f97fe50, cebf8fd16900fdfd58c0028617944f808f97fe50, e7f6e3c9db4b6f259c89fd05728d024ab32acd71, a93a63333dbdb182b87e8cc99df8b4474f867acb, 37de955c11b59050346e530143c20b10b4846527, 645897231f960590220144b06d1f994b7eb88326, 3.10.105, 3.12.70, 4.4.40, 4.8.16unaffected
LinuxLinux4.9, 0, 5.15.99, 6.1.16, 6.2.3, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.