CVE-2023-53325
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-10
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.1 (inc) to 6.1.55 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.5.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's MediaTek DisplayPort (dp) driver. The mtk_dp_aux_transfer() and mtk_dp_aux_do_transfer() functions logged with drm_{err,info}() instead of dev_{err,info}(), which could lead to NULL pointer kernel panics if an error occurs during an AUX transfer before the bridge is attached. The condition is reachable because AUX transfers may be triggered from the panel driver, to read the EDID, before the mtk-dp bridge is attached, potentially causing system instability or crashes.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to experience NULL pointer kernel panics during AUX transfers in the MediaTek DisplayPort driver, leading to system crashes or instability. This can affect system reliability and availability, especially in environments using affected hardware and kernel versions.