CVE-2023-53797: HID: wacom: Use ktime_t rather than int when dealing with timestamps
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: Use ktime_t rather than int when dealing with timestamps
Code which interacts with timestamps needs to use the ktime_t type
returned by functions like ktime_get. The int type does not offer
enough space to store these values, and attempting to use it is a
recipe for problems. In this particular case, overflows would occur
when calculating/storing timestamps leading to incorrect values being
reported to userspace. In some cases these bad timestamps cause input
handling in userspace to appear hung.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue affects Wacom tablet input handling. A timestamp was stored in a type too small for the value, causing overflow and bad timestamps. The documented impact is disrupted input behavior, including userspace input handling appearing hung. Sources do not indicate remote compromise, privilege escalation, or active exploitation.
Executive priority
Handle through normal kernel patch management, with higher priority for workstations, design systems, tablets, or kiosks relying on Wacom input. Current evidence does not justify emergency response.
Technical view
The HID wacom driver used int for timestamp values returned by ktime_get-like functions. Those values can overflow int storage, producing incorrect timestamps reported to userspace. The kernel fix changes timestamp handling to ktime_t. The cited CVE record provides no CVSS, CWE, or exploitability detail.
Likely exposure
Exposure is most plausible on Linux systems running affected kernel versions with the Wacom HID driver and Wacom-style input devices. General servers without this input path are less likely to have meaningful exposure, based on the provided description.
Exploitation context
The source bundle does not report active exploitation, and KEV is false. The described outcome is reliability or availability impact in local input handling, not confirmed code execution or data compromise.
Researcher notes
The public record is sparse: no CVSS, CWE, exploit narrative, or distribution-specific advisory is included. Analysis should stay limited to timestamp overflow in the Linux HID wacom path and the stated userspace input hang symptom.
Mitigation direction
Identify Linux kernels in affected version ranges.
Prioritize systems using Wacom HID input devices.
Apply vendor kernel updates containing the referenced stable fixes.
If no packaged fix is available, monitor Linux distribution guidance.
Test tablet and pointer workflows after kernel updates.
Validation and detection
Inventory kernel versions across endpoint and kiosk fleets.
Check whether Wacom HID driver support is present or loaded.
Confirm updated kernels include the stable fix commits.
Reproduce normal tablet input workflows after patching.
Watch for recurring userspace input hangs after remediation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53797 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
8Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 9, 2025, 00:00 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.