CVE-2023-53991 (GCVE-0-2023-53991)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:55 – Updated: 2025-12-24 10:55
VLAI?
Title
drm/msm/dpu: Disallow unallocated resources to be returned
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC blocks, until their allocation/assignment is being sanity-checked in "drm/msm/dpu: Reject topologies for which no DSC blocks are available") remain NULL but will still be returned out of dpu_rm_get_assigned_resources, where the caller expects to get an array containing num_blks valid pointers (but instead gets these NULLs). To prevent this from happening, where null-pointer dereferences typically result in a hard-to-debug platform lockup, num_blks shouldn't increase past NULL blocks and will print an error and break instead. After all, max_blks represents the static size of the maximum number of blocks whereas the actual amount varies per platform. ^1: which can happen after a git rebase ended up moving additions to _dpu_cfg to a different struct which has the same patch context. Patchwork: https://patchwork.freedesktop.org/patch/517636/
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: bb00a452d6f77391441ef7df48f7115dd459cd2f , < 8dbd54d679e3ab37be43bc1ed9f463dbf83a2259 (git)
Affected: bb00a452d6f77391441ef7df48f7115dd459cd2f , < bf661c5e3bc48973acb363c76e3db965d9ed26d0 (git)
Affected: bb00a452d6f77391441ef7df48f7115dd459cd2f , < 9e1e236acdc42b5c43ec8d7f03a39537e70cc309 (git)
Affected: bb00a452d6f77391441ef7df48f7115dd459cd2f , < 9fe3644c720ac87d150f0bba5a4ae86cae55afaf (git)
Affected: bb00a452d6f77391441ef7df48f7115dd459cd2f , < abc40122d9a69f56c04efb5a7485795f5ac799d1 (git)
Create a notification for this product.
    Linux Linux Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_rm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8dbd54d679e3ab37be43bc1ed9f463dbf83a2259",
              "status": "affected",
              "version": "bb00a452d6f77391441ef7df48f7115dd459cd2f",
              "versionType": "git"
            },
            {
              "lessThan": "bf661c5e3bc48973acb363c76e3db965d9ed26d0",
              "status": "affected",
              "version": "bb00a452d6f77391441ef7df48f7115dd459cd2f",
              "versionType": "git"
            },
            {
              "lessThan": "9e1e236acdc42b5c43ec8d7f03a39537e70cc309",
              "status": "affected",
              "version": "bb00a452d6f77391441ef7df48f7115dd459cd2f",
              "versionType": "git"
            },
            {
              "lessThan": "9fe3644c720ac87d150f0bba5a4ae86cae55afaf",
              "status": "affected",
              "version": "bb00a452d6f77391441ef7df48f7115dd459cd2f",
              "versionType": "git"
            },
            {
              "lessThan": "abc40122d9a69f56c04efb5a7485795f5ac799d1",
              "status": "affected",
              "version": "bb00a452d6f77391441ef7df48f7115dd459cd2f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_rm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Disallow unallocated resources to be returned\n\nIn the event that the topology requests resources that have not been\ncreated by the system (because they are typically not represented in\ndpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC\nblocks, until their allocation/assignment is being sanity-checked in\n\"drm/msm/dpu: Reject topologies for which no DSC blocks are available\")\nremain NULL but will still be returned out of\ndpu_rm_get_assigned_resources, where the caller expects to get an array\ncontaining num_blks valid pointers (but instead gets these NULLs).\n\nTo prevent this from happening, where null-pointer dereferences\ntypically result in a hard-to-debug platform lockup, num_blks shouldn\u0027t\nincrease past NULL blocks and will print an error and break instead.\nAfter all, max_blks represents the static size of the maximum number of\nblocks whereas the actual amount varies per platform.\n\n^1: which can happen after a git rebase ended up moving additions to\n_dpu_cfg to a different struct which has the same patch context.\n\nPatchwork: https://patchwork.freedesktop.org/patch/517636/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:29.833Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8dbd54d679e3ab37be43bc1ed9f463dbf83a2259"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf661c5e3bc48973acb363c76e3db965d9ed26d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e1e236acdc42b5c43ec8d7f03a39537e70cc309"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fe3644c720ac87d150f0bba5a4ae86cae55afaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/abc40122d9a69f56c04efb5a7485795f5ac799d1"
        }
      ],
      "title": "drm/msm/dpu: Disallow unallocated resources to be returned",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53991",
    "datePublished": "2025-12-24T10:55:29.833Z",
    "dateReserved": "2025-12-24T10:53:46.176Z",
    "dateUpdated": "2025-12-24T10:55:29.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53991\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T11:15:52.000\",\"lastModified\":\"2025-12-29T15:58:56.260\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/msm/dpu: Disallow unallocated resources to be returned\\n\\nIn the event that the topology requests resources that have not been\\ncreated by the system (because they are typically not represented in\\ndpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC\\nblocks, until their allocation/assignment is being sanity-checked in\\n\\\"drm/msm/dpu: Reject topologies for which no DSC blocks are available\\\")\\nremain NULL but will still be returned out of\\ndpu_rm_get_assigned_resources, where the caller expects to get an array\\ncontaining num_blks valid pointers (but instead gets these NULLs).\\n\\nTo prevent this from happening, where null-pointer dereferences\\ntypically result in a hard-to-debug platform lockup, num_blks shouldn\u0027t\\nincrease past NULL blocks and will print an error and break instead.\\nAfter all, max_blks represents the static size of the maximum number of\\nblocks whereas the actual amount varies per platform.\\n\\n^1: which can happen after a git rebase ended up moving additions to\\n_dpu_cfg to a different struct which has the same patch context.\\n\\nPatchwork: https://patchwork.freedesktop.org/patch/517636/\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8dbd54d679e3ab37be43bc1ed9f463dbf83a2259\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9e1e236acdc42b5c43ec8d7f03a39537e70cc309\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9fe3644c720ac87d150f0bba5a4ae86cae55afaf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/abc40122d9a69f56c04efb5a7485795f5ac799d1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bf661c5e3bc48973acb363c76e3db965d9ed26d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.