In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: drop redundant sched job cleanup when cs is aborted
When command submission fails due to userptr invalidation in amdgpu_cs_submit, the legacy code performs cleanup of the scheduler job. However, this cleanup is not needed at all, because an earlier commit integrated the job cleanup into amdgpu_job_free. With the redundant cleanup left in place, the job is freed twice, and a NULL pointer dereference occurs in this scenario.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8",
"id": "CVE-2023-53228-169349a0",
"deprecated": false,
"target": {
"function": "amdgpu_cs_submit",
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"length": 2472.0,
"function_hash": "111439317937874304749171499761126873787"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec02a29c3c2ef8ad3e15a0e3f96b99a00e5d97b4",
"id": "CVE-2023-53228-5cadbcc5",
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"108199546049867306240417549808528667465",
"66614987158184982896050738787503626129",
"176888092927446822173700089763464836599",
"38022049350875245411149816126800923654",
"137546632453793511959189762427374846807",
"47325553985114893663135944864913569112",
"111015315371342634831853535098063727984",
"277033018385988331894906310276652667348",
"289804434259461843061665103457691271520",
"233928764409046036512652690847212499500",
"176012788869198032045265176679045581619",
"220505525605155418287944459706486517865",
"317016182519040976717782730958781759727",
"98943946968787301164940749582583112560",
"240015224539902959846159407556001416806",
"170482830318486787977700658754326055221",
"222298548648487072025686798255891002339"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1564d4b105ae535eb3183ecaaa987685b20a888",
"id": "CVE-2023-53228-7f2d2c48",
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"108199546049867306240417549808528667465",
"66614987158184982896050738787503626129",
"176888092927446822173700089763464836599",
"38022049350875245411149816126800923654",
"137546632453793511959189762427374846807",
"47325553985114893663135944864913569112",
"111015315371342634831853535098063727984",
"277033018385988331894906310276652667348",
"289804434259461843061665103457691271520",
"233928764409046036512652690847212499500",
"176012788869198032045265176679045581619",
"220505525605155418287944459706486517865",
"317016182519040976717782730958781759727",
"98943946968787301164940749582583112560",
"240015224539902959846159407556001416806",
"170482830318486787977700658754326055221",
"222298548648487072025686798255891002339"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec02a29c3c2ef8ad3e15a0e3f96b99a00e5d97b4",
"id": "CVE-2023-53228-b9b24c8c",
"deprecated": false,
"target": {
"function": "amdgpu_cs_submit",
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"length": 2472.0,
"function_hash": "111439317937874304749171499761126873787"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8",
"id": "CVE-2023-53228-c2ade142",
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"108199546049867306240417549808528667465",
"66614987158184982896050738787503626129",
"176888092927446822173700089763464836599",
"38022049350875245411149816126800923654",
"137546632453793511959189762427374846807",
"47325553985114893663135944864913569112",
"111015315371342634831853535098063727984",
"277033018385988331894906310276652667348",
"289804434259461843061665103457691271520",
"233928764409046036512652690847212499500",
"176012788869198032045265176679045581619",
"220505525605155418287944459706486517865",
"317016182519040976717782730958781759727",
"98943946968787301164940749582583112560",
"240015224539902959846159407556001416806",
"170482830318486787977700658754326055221",
"222298548648487072025686798255891002339"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1564d4b105ae535eb3183ecaaa987685b20a888",
"id": "CVE-2023-53228-fe451108",
"deprecated": false,
"target": {
"function": "amdgpu_cs_submit",
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
},
"signature_version": "v1",
"digest": {
"length": 2472.0,
"function_hash": "111439317937874304749171499761126873787"
},
"signature_type": "Function"
}
]