PT-2025-40694 · Linux+4 · Linux Kernel+4

Published: 2023-05-09 · Updated: 2026-01-19 · CVE-2023-53552

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely across different processes via sync file or dmabuf, potentially leading to memory leaks. To address this, the kernel attempts to avoid retaining references to requests after their completion and introduces a new bit in rq->execution_mask to identify virtual engines. This change aims to prevent a use-after-free condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALSA-2026:0759
ALSA-2026:0760
CESA-2023_2951
CVE-2023-53552
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951
RHSA-2024:2394
RHSA-2024_2394
RHSA-2026:0759
RHSA-2026:0760
RHSA-2026:1441
RHSA-2026:1443
RHSA-2026:1445
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4111-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Linux Kernel
Red Hat
Rocky Linux
SUSE