LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53797: HID: wacom: Use ktime_t rather than int when dealing with timestamps

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: Use ktime_t rather than int when dealing with timestamps Code which interacts with timestamps needs to use the ktime_t type returned by functions like ktime_get. The int type does not offer enough space to store these values, and attempting to use it is a recipe for problems. In this particular case, overflows would occur when calculating/storing timestamps leading to incorrect values being reported to userspace. In some cases these bad timestamps cause input handling in userspace to appear hung.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue affects Wacom tablet input handling. A timestamp was stored in a type too small for the value, causing overflow and bad timestamps. The documented impact is disrupted input behavior, including userspace input handling appearing hung. Sources do not indicate remote compromise, privilege escalation, or active exploitation.

Executive priority

Handle through normal kernel patch management, with higher priority for workstations, design systems, tablets, or kiosks relying on Wacom input. Current evidence does not justify emergency response.

Technical view

The HID wacom driver used int for timestamp values returned by ktime_get-like functions. Those values can overflow int storage, producing incorrect timestamps reported to userspace. The kernel fix changes timestamp handling to ktime_t. The cited CVE record provides no CVSS, CWE, or exploitability detail.

Likely exposure

Exposure is most plausible on Linux systems running affected kernel versions with the Wacom HID driver and Wacom-style input devices. General servers without this input path are less likely to have meaningful exposure, based on the provided description.

Exploitation context

The source bundle does not report active exploitation, and KEV is false. The described outcome is reliability or availability impact in local input handling, not confirmed code execution or data compromise.

Researcher notes

The public record is sparse: no CVSS, CWE, exploit narrative, or distribution-specific advisory is included. Analysis should stay limited to timestamp overflow in the Linux HID wacom path and the stated userspace input hang symptom.

Mitigation direction

  • Identify Linux kernels in affected version ranges.
  • Prioritize systems using Wacom HID input devices.
  • Apply vendor kernel updates containing the referenced stable fixes.
  • If no packaged fix is available, monitor Linux distribution guidance.
  • Test tablet and pointer workflows after kernel updates.

Validation and detection

  • Inventory kernel versions across endpoint and kiosk fleets.
  • Check whether Wacom HID driver support is present or loaded.
  • Confirm updated kernels include the stable fix commits.
  • Reproduce normal tablet input workflows after patching.
  • Watch for recurring userspace input hangs after remediation.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53797 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
8Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxf9e27d4bdb1fe257c1453d02560e3adc3e5b6023, 4502ebbdc0e21e44a8a706428e420ae9c1bb9bba, 5047a228d4c8e2b5d1b856f21a00ecf717945a9c, fb98336e23c11e9c8c7dd5425ec71adbbef7f773, 694d3e4387bfa69925e075053894385351106e64, 17d793f3ed53080dab6bbeabfc82de890c901001, 17d793f3ed53080dab6bbeabfc82de890c901001, 82a136c35506dc788a6c03ffeb11b10c907b0e26, 5.4.243, 5.10.180, 5.15.112, 6.1.29, 6.3.3, 6.2.16unaffected
LinuxLinux6.4, 0, 5.4.251, 5.10.188, 5.15.120, 6.1.37, 6.3.11, 6.4.1, 6.5affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.