PT-2025-40694 · Linux+4 · Linux Kernel+4

Publicado

2023-05-09

Atualizado

2026-01-19

CVE-2023-53552

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely across different processes via sync file or dmabuf, potentially leading to memory leaks. To address this, the kernel attempts to avoid retaining references to requests after their completion and introduces a new bit in rq->execution mask to identify virtual engines. This change aims to prevent a use-after-free condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2025_16880

ALSA-2026:0759

ALSA-2026:0760

CESA-2023_2951

CVE-2023-53552

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

RHSA-2024:2394

RHSA-2024_2394

RHSA-2026:0759

RHSA-2026:0760

RHSA-2026:1441

RHSA-2026:1443

RHSA-2026:1445

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4111-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4301-1

SUSE-SU-2025:4320-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2025-40694 · Linux+4 · Linux Kernel+4

CVE-2023-53552

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1327