CVE-2023-53833

09.12.2025, 16:17

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix NULL ptr deref by checking new_crtc_state

intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't
obtained previously with intel_atomic_get_crtc_state, so we must check it
for NULLness here, just as in many other places, where we can't guarantee
that intel_atomic_get_crtc_state was called.
We are currently getting NULL ptr deref because of that, so this fix was
confirmed to help.

(cherry picked from commit 1d5b09f8daf859247a1ea65b0d732a24d88980d8)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.244-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.9-1 fixed
sid	6.17.11-1 fixed

References

https://git.kernel.org/stable/c/8b3c0d2d1685ba40b0af4ee1f8d8824a73870f88

https://git.kernel.org/stable/c/a41d985902c153c31c616fe183cf2ee331e95ecb

https://git.kernel.org/stable/c/dbf25cc21beff4fd2e730573845a266504b21bb2