CVE-2023-53228
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: drop redundant sched job cleanup when cs is aborted
Once command submission failed due to userptr invalidation in
amdgpu_cs_submit, legacy code will perform cleanup of scheduler
job. However, it's not needed at all, as former commit has integrated
job cleanup stuff into amdgpu_job_free. Otherwise, because of double
free, a NULL pointer dereference will occur in such scenario.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.2 (inc) to 6.2.16 (exc) |
| linux | linux_kernel | From 6.3 (inc) to 6.3.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's amdgpu driver where redundant cleanup of scheduler jobs happens when a command submission fails due to user pointer invalidation. The legacy code performs an unnecessary cleanup that has already been handled elsewhere, leading to a double free and resulting in a NULL pointer dereference.
How can this vulnerability impact me? :
The vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to system crashes or instability when the affected code path is triggered.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70