CVE-2023-53806Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write6 documents5 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolution to 8k with extended mode. Sytem restart was caused by a page fault. [How] When the driver populates subvp info it did it for both the pipes using vblank which caused an outof bounds array access causing the page fault. added checks to allow the top pipe only to fix this issue.

Affected Packages4 packages

Linuxlinux/linux_kernel4.15.06.1.30+1
Debianlinux/linux_kernel< 6.1.37-1+2
CVEListV5linux/linux4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c92e6c79acad4b96efeff261d27bdbd8089a7dd24+3
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
drm/amd/display: populate subvp cmd info only for the top pipe2025-12-09
GHSA
GHSA-8pcm-j4xj-qhj7: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System rest2025-12-09
OSV
CVE-2023-53806: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restar2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: drm/amd/display: populate subvp cmd info only for the top pipe2025-12-09
Debian
CVE-2023-53806: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis...2023