CVE-2023-53392: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered affecting the Intel Integrated Sensor Hub (ISH) HID driver. The issue involves a potential kernel panic during warm reset when device->fw_client is set to NULL. This vulnerability was assigned CVE-2023-53392 and was disclosed on September 18, 2025 (NVD).

The vulnerability occurs in the ishtpclbusmatch() function when attempting to reference device->fwclient->props.protocolname after device->fwclient has been set to NULL during warm reset. This issue became exposed starting with kernel v5.16, when changes were introduced to load only bus drivers for respective matching devices. Prior to kernel v5.15, all enabled ISHTP kernel module drivers were loaded immediately after any first ISHTP device registration (NVD).

When exploited, this vulnerability results in a kernel panic when the crosecishtp device and driver are registered after the warm reset device fwclient NULL setting. The panic occurs specifically in the guidequal() function when attempting to dereference the NULL fwclient pointer to access protocolname (NVD).

The vulnerability has been resolved in the Linux kernel through patches that address the NULL pointer dereference issue during warm reset in the Intel ISH HID driver. The fix involves proper handling of the device->fw_client pointer during the warm reset process (NVD).