CVE-2023-53625
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53625
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53625.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53625
- Downstream
- Published
- 2025-10-07T15:19:30Z
- Modified
- 2025-10-21T18:13:20.775729Z
- Summary
- drm/i915/gvt: fix vgpu debugfs clean in remove
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gvt: fix vgpu debugfs clean in remove
Check carefully on root debugfs available when destroying vgpu, e.g in remove case drm minor's debugfs root might already be destroyed, which led to kernel oops like below.
Console: switching to colour dummy device 80x25 i915 0000:00:02.0: MDEV: Unregistering intelvgpumdev b1338b2d-a709-4c23-b766-cc436c36cdf0: Removing from iommu group 14 BUG: kernel NULL pointer dereference, address: 0000000000000150 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 3 PID: 1046 Comm: driverctl Not tainted 6.1.0-rc2+ #6 Hardware name: HP HP ProDesk 600 G3 MT/829D, BIOS P02 Ver. 02.44 09/13/2022 RIP: 0010:_lockacquire+0x5e2/0x1f90 Code: 87 ad 09 00 00 39 05 e1 1e cc 02 0f 82 f1 09 00 00 ba 01 00 00 00 48 83 c4 48 89 d0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 45 31 ff <48> 81 3f 60 9e c2 b6 45 0f 45 f8 83 fe 01 0f 87 55 fa ff ff 89 f0 RSP: 0018:ffff9f770274f948 EFLAGS: 00010046 RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000150 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8895d1173300 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000150 R14: 0000000000000000 R15: 0000000000000000 FS: 00007fc9b2ba0740(0000) GS:ffff889cdfcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000150 CR3: 000000010fd93005 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> lockacquire+0xbf/0x2b0 ? simplerecursiveremoval+0xa5/0x2b0 ? lockrelease+0x13d/0x2d0 downwrite+0x2a/0xd0 ? simplerecursiveremoval+0xa5/0x2b0 simplerecursiveremoval+0xa5/0x2b0 ? startcreating.part.0+0x110/0x110 ? rawspinunlock+0x29/0x40 debugfsremove+0x40/0x60 intelgvtdebugfsremovevgpu+0x15/0x30 [kvmgt] intelgvtdestroyvgpu+0x60/0x100 [kvmgt] intelvgpureleasedev+0xe/0x20 [kvmgt] devicerelease+0x30/0x80 kobjectput+0x79/0x1b0 devicereleasedriverinternal+0x1b8/0x230 busremovedevice+0xec/0x160 devicedel+0x189/0x400 ? upwrite+0x9c/0x1b0 ? mdevdeviceremovecommon+0x60/0x60 [mdev] mdevdeviceremovecommon+0x22/0x60 [mdev] mdevdeviceremovecb+0x17/0x20 [mdev] deviceforeachchild+0x56/0x80 mdevunregisterparent+0x5a/0x81 [mdev] intelgvtcleandevice+0x2d/0xe0 [kvmgt] intelgvtdriverremove+0x2e/0xb0 [i915] i915driverremove+0xac/0x100 [i915] i915pciremove+0x1a/0x30 [i915] pcideviceremove+0x31/0xa0 devicereleasedriverinternal+0x1b8/0x230 unbindstore+0xd8/0x100 kernfsfopwriteiter+0x156/0x210 vfswrite+0x236/0x4a0 ksyswrite+0x61/0xd0 dosyscall64+0x55/0x80 ? findheldlock+0x2b/0x80 ? lockrelease+0x13d/0x2d0 ? upread+0x17/0x20 ? lockisheldtype+0xe3/0x140 ? asmexcpagefault+0x22/0x30 ? lockdephardirqson+0x7d/0x100 entrySYSCALL64afterhwframe+0x46/0xb0 RIP: 0033:0x7fc9b2c9e0c4 Code: 15 71 7d 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 3d 05 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48 RSP: 002b:00007ffec29c81c8 EFLAGS: 00000202 ORIGRAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc9b2c9e0c4 RDX: 000000000000000d RSI: 0000559f8b5f48a0 RDI: 0000000000000001 RBP: 0000559f8b5f48a0 R08: 0000559f8b5f3540 R09: 00007fc9b2d76d30 R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000d R13: 00007fc9b2d77780 R14: 000000000000000d R15: 00007fc9b2d72a00 </TASK> Modules linked in: sunrpc intelraplmsr intelraplcommon intelpmccorepltdrv intelpmccore inteltcccooling x86pkgtempthermal intelpowerclamp coretemp kvmintel ee1004 igbvf rapl vfat fat intelcstate inteluncore pktcdvd i2ci801 pcspkr wmibmof i2csmbus acpipad vfiopci vfiopcicore vfio_virqfd zram fuse dm ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/44c0e07e3972e3f2609d69ad873d4f342f8a68ec
- https://git.kernel.org/stable/c/704f3384f322b40ba24d958473edfb1c9750c8fd
- https://git.kernel.org/stable/c/af90f8b36d78544433a48a3eda6a5faeafacd0a1
- https://git.kernel.org/stable/c/f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde
- https://git.kernel.org/stable/c/ffa83fba2a2ce8010eb106c779378cb3013362c7
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixedaf90f8b36d78544433a48a3eda6a5faeafacd0a1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixedf5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixedffa83fba2a2ce8010eb106c779378cb3013362c7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixed44c0e07e3972e3f2609d69ad873d4f342f8a68ec
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixed704f3384f322b40ba24d958473edfb1c9750c8fd
Affected versions
v4.*
v5.*
v6.*
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"digest": {
"function_hash": "330151447968751844328247029725130251409",
"length": 94.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af90f8b36d78544433a48a3eda6a5faeafacd0a1",
"target": {
"function": "intel_gvt_debugfs_remove_vgpu",
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-30dcbfe0"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109858668782861113307154703179538761075",
"314427169322868925715538820583432184456",
"175310254567341603233828919187163094550",
"98885583599287052140849597410617843098",
"8732567657655272417055657678830830817"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffa83fba2a2ce8010eb106c779378cb3013362c7",
"target": {
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-31f94161"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "330151447968751844328247029725130251409",
"length": 94.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffa83fba2a2ce8010eb106c779378cb3013362c7",
"target": {
"function": "intel_gvt_debugfs_remove_vgpu",
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-500c60bc"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109858668782861113307154703179538761075",
"314427169322868925715538820583432184456",
"175310254567341603233828919187163094550",
"98885583599287052140849597410617843098",
"8732567657655272417055657678830830817"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@704f3384f322b40ba24d958473edfb1c9750c8fd",
"target": {
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-5230654d"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109858668782861113307154703179538761075",
"314427169322868925715538820583432184456",
"175310254567341603233828919187163094550",
"98885583599287052140849597410617843098",
"8732567657655272417055657678830830817"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@44c0e07e3972e3f2609d69ad873d4f342f8a68ec",
"target": {
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-54a9a07a"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109858668782861113307154703179538761075",
"314427169322868925715538820583432184456",
"175310254567341603233828919187163094550",
"98885583599287052140849597410617843098",
"8732567657655272417055657678830830817"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde",
"target": {
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-56ad327f"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "330151447968751844328247029725130251409",
"length": 94.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde",
"target": {
"function": "intel_gvt_debugfs_remove_vgpu",
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-6234cb30"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "330151447968751844328247029725130251409",
"length": 94.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@44c0e07e3972e3f2609d69ad873d4f342f8a68ec",
"target": {
"function": "intel_gvt_debugfs_remove_vgpu",
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-890e00aa"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109858668782861113307154703179538761075",
"314427169322868925715538820583432184456",
"175310254567341603233828919187163094550",
"98885583599287052140849597410617843098",
"8732567657655272417055657678830830817"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af90f8b36d78544433a48a3eda6a5faeafacd0a1",
"target": {
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-8c38019d"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "330151447968751844328247029725130251409",
"length": 94.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@704f3384f322b40ba24d958473edfb1c9750c8fd",
"target": {
"function": "intel_gvt_debugfs_remove_vgpu",
"file": "drivers/gpu/drm/i915/gvt/debugfs.c"
},
"id": "CVE-2023-53625-e216647f"
}
]