CVE-2023-53389
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-11
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.1 (inc) to 6.1.28 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.15 (exc) |
| linux | linux_kernel | From 6.3 (inc) to 6.3.2 (exc) |
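To check a host against the ranges in the table above, the following added example (not part of the original record) parses `uname -r` style release strings and tests them against the three listed ranges. The sample release strings are constructed, and the function names are illustrative.

```python
import platform
import re

# Ranges copied from the table above: (first affected, first fixed).
# The lower bound is inclusive, the upper bound exclusive.
AFFECTED_RANGES = [
    ((6, 1, 0), (6, 1, 28)),
    ((6, 2, 0), (6, 2, 15)),
    ((6, 3, 0), (6, 3, 2)),
]


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-generic" or "-rc1" are ignored, so a release
    candidate is treated as the release itself (the cautious reading).
    A missing patch level ("6.3") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def in_affected_range(release):
    """True if the version number falls inside one of the listed ranges."""
    version = parse_release(release)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(releases):
    """Map each release string to True (in range) or False (not in range)."""
    return {r: in_affected_range(r) for r in releases}


# Constructed sample inventory, not taken from any real fleet.
SAMPLE_RELEASES = ["6.1.27", "6.1.28", "6.2.14-arch1-1", "6.3.2",
                   "6.0.19", "5.15.0-91-generic", "6.3"]

if __name__ == "__main__":
    for rel, hit in triage(SAMPLE_RELEASES).items():
        print(f"{rel:22} {'IN RANGE' if hit else 'not in range'}")
    running = platform.release()  # on Linux, the same string as `uname -r`
    try:
        print(f"running kernel {running}: in range = {in_affected_range(running)}")
    except ValueError as exc:
        print(exc)
```

A match only means the version number is inside a listed range: distribution kernels often backport fixes without changing that number, and only systems that use the MediaTek DisplayPort bridge driver are exposed.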
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the MediaTek DisplayPort interface bridge driver in the Linux kernel. The driver starts its interrupts as soon as it is probed, but sometimes these interrupts trigger before the bridge is attached to a DRM device. Because the function drm_helper_hpd_irq_event() does not verify whether the drm_device passed to it is valid, a NULL pointer can be passed, causing a kernel NULL pointer dereference (a type of crash). The fix ensures that HPD (Hot Plug Detect) events are only triggered if the bridge is properly attached.
How can this vulnerability impact me?
This vulnerability can cause a kernel NULL pointer dereference, which may lead to a system crash or instability in the Linux kernel when using the MediaTek DisplayPort interface bridge driver. This could result in denial of service or unexpected behavior on affected systems.