CVE-2023-52519: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit The EHL (Elkhart Lake) based platforms provide a OOB (Out of band) service, which allows to wakup device when the system is in S5 (Soft-Off state). This OOB service can be enabled/disabled from BIOS settings. When enabled, the ISH device gets PME wake capability. To enable PME wakeup, driver also needs to enable ACPI GPE bit. On resume, BIOS will clear the wakeup bit. So driver need to re-enable it in resume function to keep the next wakeup capability. But this BIOS clearing of wakeup bit doesn't decrement internal OS GPE reference count, so this reenabling on every resume will cause reference count to overflow. So first disable and reenable ACPI GPE bit using acpi_disable_gpe().
AI Analysis
Technical Summary
CVE-2023-52519 is a vulnerability identified in the Linux kernel specifically affecting Intel Elkhart Lake (EHL) platforms that utilize the Intel Integrated Sensor Hub (ISH) device. The vulnerability arises from improper handling of the ACPI General Purpose Event (GPE) bit related to the Out-of-Band (OOB) wakeup service. This OOB service enables the system to wake devices from the S5 (Soft-Off) power state, controlled via BIOS settings. When enabled, the ISH device gains PME (Power Management Event) wake capability, which requires the driver to enable the ACPI GPE bit. However, on system resume, the BIOS clears the wakeup bit but does not decrement the internal OS GPE reference count accordingly. Consequently, the driver’s routine to re-enable the ACPI GPE bit on every resume causes the reference count to overflow. This overflow can lead to inconsistent or undefined behavior in the kernel's power management subsystem. The correct remediation involves explicitly disabling and then re-enabling the ACPI GPE bit using the acpi_disable_gpe() function to properly manage the reference count and maintain stable wakeup functionality. Although no known exploits are reported in the wild, this vulnerability affects the kernel’s power management and device wakeup mechanisms on affected hardware platforms, potentially leading to system instability or denial of wakeup events.
Potential Impact
For European organizations, especially those relying on Linux systems running on Intel Elkhart Lake hardware—common in embedded systems, industrial IoT devices, and certain enterprise edge computing platforms—this vulnerability could disrupt power management and device wakeup capabilities. The improper handling of ACPI GPE bits may cause devices to fail to wake from soft-off states, impacting availability of critical systems. In environments where uptime and reliable device wakeup are essential, such as manufacturing, telecommunications, or critical infrastructure, this could lead to operational disruptions. While the vulnerability does not directly expose confidentiality or integrity risks, the potential for denial of service through failed wake events or system instability could affect business continuity. Given the lack of known exploits, the immediate threat is low, but unpatched systems remain at risk of unexpected behavior after resume cycles.
Mitigation Recommendations
Organizations should ensure that Linux kernel versions deployed on Intel Elkhart Lake platforms include the patch that properly disables and re-enables the ACPI GPE bit during resume operations. This involves updating to the latest stable kernel releases where this fix is incorporated. System administrators should verify BIOS settings related to the OOB wakeup service and PME wake capability to understand exposure. For embedded or IoT devices where kernel updates are less frequent, vendors should be engaged to provide patched firmware or kernel versions. Additionally, monitoring system logs for unusual power management or wakeup errors can help detect potential issues. Testing resume and wakeup functionality after patch deployment is critical to confirm mitigation effectiveness. Avoiding custom kernel modifications that alter ACPI GPE handling without proper reference count management is also recommended.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
CVE-2023-52519: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit The EHL (Elkhart Lake) based platforms provide a OOB (Out of band) service, which allows to wakup device when the system is in S5 (Soft-Off state). This OOB service can be enabled/disabled from BIOS settings. When enabled, the ISH device gets PME wake capability. To enable PME wakeup, driver also needs to enable ACPI GPE bit. On resume, BIOS will clear the wakeup bit. So driver need to re-enable it in resume function to keep the next wakeup capability. But this BIOS clearing of wakeup bit doesn't decrement internal OS GPE reference count, so this reenabling on every resume will cause reference count to overflow. So first disable and reenable ACPI GPE bit using acpi_disable_gpe().
AI-Powered Analysis
Technical Analysis
CVE-2023-52519 is a vulnerability identified in the Linux kernel specifically affecting Intel Elkhart Lake (EHL) platforms that utilize the Intel Integrated Sensor Hub (ISH) device. The vulnerability arises from improper handling of the ACPI General Purpose Event (GPE) bit related to the Out-of-Band (OOB) wakeup service. This OOB service enables the system to wake devices from the S5 (Soft-Off) power state, controlled via BIOS settings. When enabled, the ISH device gains PME (Power Management Event) wake capability, which requires the driver to enable the ACPI GPE bit. However, on system resume, the BIOS clears the wakeup bit but does not decrement the internal OS GPE reference count accordingly. Consequently, the driver’s routine to re-enable the ACPI GPE bit on every resume causes the reference count to overflow. This overflow can lead to inconsistent or undefined behavior in the kernel's power management subsystem. The correct remediation involves explicitly disabling and then re-enabling the ACPI GPE bit using the acpi_disable_gpe() function to properly manage the reference count and maintain stable wakeup functionality. Although no known exploits are reported in the wild, this vulnerability affects the kernel’s power management and device wakeup mechanisms on affected hardware platforms, potentially leading to system instability or denial of wakeup events.
Potential Impact
For European organizations, especially those relying on Linux systems running on Intel Elkhart Lake hardware—common in embedded systems, industrial IoT devices, and certain enterprise edge computing platforms—this vulnerability could disrupt power management and device wakeup capabilities. The improper handling of ACPI GPE bits may cause devices to fail to wake from soft-off states, impacting availability of critical systems. In environments where uptime and reliable device wakeup are essential, such as manufacturing, telecommunications, or critical infrastructure, this could lead to operational disruptions. While the vulnerability does not directly expose confidentiality or integrity risks, the potential for denial of service through failed wake events or system instability could affect business continuity. Given the lack of known exploits, the immediate threat is low, but unpatched systems remain at risk of unexpected behavior after resume cycles.
Mitigation Recommendations
Organizations should ensure that Linux kernel versions deployed on Intel Elkhart Lake platforms include the patch that properly disables and re-enables the ACPI GPE bit during resume operations. This involves updating to the latest stable kernel releases where this fix is incorporated. System administrators should verify BIOS settings related to the OOB wakeup service and PME wake capability to understand exposure. For embedded or IoT devices where kernel updates are less frequent, vendors should be engaged to provide patched firmware or kernel versions. Additionally, monitoring system logs for unusual power management or wakeup errors can help detect potential issues. Testing resume and wakeup functionality after patch deployment is critical to confirm mitigation effectiveness. Avoiding custom kernel modifications that alter ACPI GPE handling without proper reference count management is also recommended.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-20T12:30:33.317Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9831c4522896dcbe7c27
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/1/2025, 10:10:55 AM
Last updated: 8/18/2025, 7:58:40 AM
Views: 15
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.