CVE-2023-53316

EUVD-2023-59945
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: Free resources after unregistering them

The DP component's unbind operation walks through the submodules to
unregister and clean things up. But if the unbind happens because the DP
controller itself is being removed, all the memory for those submodules
has just been freed.

Change the order of these operations to avoid the many use-after-free
that otherwise happens in this code path.

Patchwork: https://patchwork.freedesktop.org/patch/542166/
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.10 ≤
𝑥
< 5.10.188
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.121
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.39
linuxlinux_kernel
6.2 ≤
𝑥
< 6.3.13
linuxlinux_kernel
6.4 ≤
𝑥
< 6.4.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/3c3f3d35f5e05c468b048eb42a4f8c62c6655692
https://git.kernel.org/stable/c/4e9f1a2367aea7d61f6781213e25313cd983b0d7
https://git.kernel.org/stable/c/5c3278db06e332fdc14f3f297499fb88ded264d2
https://git.kernel.org/stable/c/c67a55f7cc8d767d624235bf1bcd0947e56abe0f
https://git.kernel.org/stable/c/ca47d0dc00968358c136a1847cfed550cedfd1b5
https://git.kernel.org/stable/c/fa0048a4b1fa7a50c8b0e514f5b428abdf69a6f8