CVE-2023-53314
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 2.6.32 (inc) to 4.14.326 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.295 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.257 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.195 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.132 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.54 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's fbdev/ep93xx-fb driver incorrectly assigning the Linux device to the struct fb_info.dev field. The register_framebuffer() function initializes this field, and drivers should not override it. Overriding it causes the driver to incorrectly decrease the hardware device's reference counter and leak the fbdev device.
How can this vulnerability impact me? :
The vulnerability can lead to improper management of device reference counters, causing resource leaks of the fbdev device. This could potentially result in system instability or unexpected behavior related to framebuffer device management.