CVE-2023-53228

drm/amdgpu: drop redundant sched job cleanup when cs is aborted

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in
amdgpu_cs_submit, legacy code will perform cleanup of scheduler
job. However, it's not needed at all, as former commit has integrated
job cleanup stuff into amdgpu_job_free. Otherwise, because of double
free, a NULL pointer dereference will occur in such scenario. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amdgpu_cs_submit, legacy code will perform cleanup of scheduler job. However, it's not needed at all, as former commit has integrated job cleanup stuff into amdgpu_job_free. Otherwise, because of double free, a NULL pointer dereference will occur in such scenario. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-09-15 CVE Reserved
2025-09-15 CVE Published
2026-03-25 CVE Updated
2026-04-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/49aa99f05dbc75b9ae360a74648c420a80f7ee49	Vuln. Introduced
https://git.kernel.org/stable/c/f7d66fb2ea43a3016e78a700a2ca6c77a74579f9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cdce1644d85e858c68fb5fa67d78eb1035bf34f4	2026-03-25
https://git.kernel.org/stable/c/c1564d4b105ae535eb3183ecaaa987685b20a888	2023-05-17
https://git.kernel.org/stable/c/ec02a29c3c2ef8ad3e15a0e3f96b99a00e5d97b4	2023-05-17
https://git.kernel.org/stable/c/1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8	2023-05-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-53228	2024-04-30
https://bugzilla.redhat.com/show_bug.cgi?id=2395430	2024-04-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.160 < 6.1.167 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.160 < 6.1.167"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.2.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.2.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.3.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.3.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.4"		en		Affected