CVE-2023-52921

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-52921

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52921.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52921

Downstream

BELL-CVE-2023-52921

DEBIAN-CVE-2023-52921

ROOT-OS-UBUNTU-2204-CVE-2023-52921

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

UBUNTU-CVE-2023-52921

Related

Published

2024-11-19T01:26:30.495Z

Modified

2026-02-24T10:46:00.596186Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix possible UAF in amdgpucspass1()

Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data.

Suggested by Ye Zhang (@VAR10CK) of Baidu Security.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52921.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2ebf61f2cfb9a11bc17db30df3e675a4cd7418d3

Fixed

e08e9dd09809b16f8f8cee8c466841b33d24ed96

Fixed

90e065677e0362a777b9db97ea21d43a39211399

Affected versions

v6.*

v6.1

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.10

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-52921-a0cb7df4",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e08e9dd09809b16f8f8cee8c466841b33d24ed96",
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "240209708621369562113622910855286853238",
                "53275361617941271727694362982747826592",
                "324919956152372537465337172453517259443",
                "247490806229019755434001335653306777249"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52921-acae518d",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90e065677e0362a777b9db97ea21d43a39211399",
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "240209708621369562113622910855286853238",
                "53275361617941271727694362982747826592",
                "324919956152372537465337172453517259443",
                "247490806229019755434001335653306777249"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52921-bf9d3f43",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90e065677e0362a777b9db97ea21d43a39211399",
        "target": {
            "function": "amdgpu_cs_pass1",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
        },
        "digest": {
            "length": 3329.0,
            "function_hash": "291697606317842678226745438604393841928"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52921-fe047d75",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e08e9dd09809b16f8f8cee8c466841b33d24ed96",
        "target": {
            "function": "amdgpu_cs_pass1",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
        },
        "digest": {
            "length": 3315.0,
            "function_hash": "82979503112269603561854775241952653345"
        },
        "signature_type": "Function"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52921.json"

Git / github.com/gregkh/linux

Affected ranges

Type: GIT
Repo: https://github.com/gregkh/linux
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c44e13dc284f7f4db17706ca48fd016d6b3d49a

Introduced

c9c3395d5e3dcc6daee66c6908354d47bf98cb0c

Fixed

eb3cdb587879a7794c7f649011c565d7a94f3e2e

Affected versions

v6.*

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9