CVE-2023-53351
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 (drm/sched: Check scheduler ready before calling timeout handling). It uses ready condition whether to call drm_sched_fault which unwind the TDR leads to GPU reset. However it looks the ready condition is overloaded with other meanings, for example, for the following stack is related GPU reset : 0 gfx_v9_0_cp_gfx_start 1 gfx_v9_0_cp_gfx_resume 2 gfx_v9_0_cp_resume 3 gfx_v9_0_hw_init 4 gfx_v9_0_resume 5 amdgpu_device_ip_resume_phase2 does the following: /* start the ring */ gfx_v9_0_cp_gfx_start(adev); ring->sched.ready = true; The same approach is for other ASICs as well : gfx_v8_0_cp_gfx_resume gfx_v10_0_kiq_resume, etc... As a result, our GPU reset test causes GPU fault which calls unconditionally gfx_v9_0_fault and then drm_sched_fault. However now it depends on whether the interrupt service routine drm_sched_fault is executed after gfx_v9_0_cp_gfx_start is completed which sets the ready field of the scheduler to true even for uninitialized schedulers and causes oops vs no fault or when ISR drm_sched_fault is completed prior gfx_v9_0_cp_gfx_start and NULL pointer dereference does not occur. Use the field timeout_wq to prevent oops for uninitialized schedulers. The field could be initialized by the work queue of resetting the domain. v1: Corrections to commit message (Luben)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53351
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.3.1 (inc) to 6.3.4 (exc)
linux linux_kernel 6.3
linux linux_kernel 6.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's DRM scheduler involves improper checking of the scheduler's work queue before handling timeouts. Specifically, the scheduler's 'ready' condition is overloaded with multiple meanings, leading to a situation where a GPU reset test causes a GPU fault that triggers drm_sched_fault unconditionally. This can cause a NULL pointer dereference (oops) when the interrupt service routine drm_sched_fault executes before the scheduler is properly initialized by gfx_v9_0_cp_gfx_start. The fix involves using the 'timeout_wq' field to prevent oops by ensuring the work queue is initialized before timeout handling is called.

Impact Analysis

This vulnerability can cause the Linux kernel to crash (oops) due to a NULL pointer dereference during GPU reset operations. This can lead to system instability, unexpected GPU resets, and potential loss of data or service interruptions on systems using affected GPU drivers.

Mitigation Strategies

The vulnerability is addressed by ensuring that the scheduler work queue (timeout_wq) is checked before calling timeout handling to prevent oops for uninitialized schedulers. Immediate mitigation involves updating the Linux kernel to a version that includes the fix which uses the timeout_wq field to prevent faults during GPU reset sequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53351. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart