CVE-2023-53177

low-risk

Published 2025-09-15

In the Linux kernel, the following vulnerability has been resolved: media: hi846: fix usage of pm_runtime_get_if_in_use() pm_runtime_get_if_in_use() does not only return nonzero values when the device is in use, it can return a negative errno too. And especially during resuming from system suspend, when runtime pm is not yet up again, -EAGAIN is being returned, so the subsequent pm_runtime_put() call results in a refcount underflow. Fix system-resume by handling -EAGAIN of pm_runtime_get_if_in_use().

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (3)

Patch https://git.kernel.org/stable/c/04fc06f6dc1592ed5d675311ac50d8fba5db62ab

Patch https://git.kernel.org/stable/c/42ec6269f98edd915ee37da3c6456bb6243ea56a

Patch https://git.kernel.org/stable/c/c5dcd7a19f1ed8fe98384f3a9444c7c53befd74e

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal