CVE-2023-53851
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device which the devres is tied to is the DPUs (drm_dev->dev), which may be happen after the DP controller is torn down. Indications of this can be seen in the commonly seen EDID-hexdump full of zeros in the log, or the occasional/rare KASAN fault where the panel's attempt to read the EDID information causes a use after free on DP resources. It's tempting to move the devres to the DP controller's struct device, but the resources used by the device(s) on the aux bus are explicitly torn down in the error path. The KASAN-reported use-after-free also remains, as the DP aux "module" explicitly frees its devres-allocated memory in this code path. As such, explicitly depopulate the aux bus in the error path, and in the component unbind path, to avoid these issues. Patchwork: https://patchwork.freedesktop.org/patch/542163/
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53851
EUVD
EUVD-2023-60145
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of DisplayPort (DP) auxiliary (aux) devices. Specifically, the issue arises because the aux devices are not properly depopulated together with the DP controller during error or unbind paths. This can lead to use-after-free errors when the panel device attempts to read EDID information, causing faults such as KASAN errors or invalid EDID data (all zeros). The fix involves explicitly depopulating the aux bus to prevent these use-after-free issues.


How can this vulnerability impact me? :

This vulnerability can cause system instability or crashes due to use-after-free errors in the DisplayPort auxiliary device handling. It may result in faulty display behavior, such as incorrect or missing EDID information, which can affect display detection and configuration. In rare cases, it could lead to kernel faults that impact system reliability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing indications such as EDID-hexdump logs full of zeros or rare KASAN faults related to use-after-free errors when the panel attempts to read EDID information. Specific commands are not provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that explicitly depopulates the aux bus in the error path and component unbind path to avoid use-after-free issues. No other specific mitigation steps are provided.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart