CVE-2023-52921

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52921
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52921.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52921
Downstream
Related
Published
2024-11-19T01:26:30Z
Modified
2025-10-08T17:31:42.063646Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix possible UAF in amdgpucspass1()

Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data.

Suggested by Ye Zhang (@VAR10CK) of Baidu Security.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2ebf61f2cfb9a11bc17db30df3e675a4cd7418d3
Fixed
e08e9dd09809b16f8f8cee8c466841b33d24ed96
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2ebf61f2cfb9a11bc17db30df3e675a4cd7418d3
Fixed
90e065677e0362a777b9db97ea21d43a39211399

Affected versions

v6.*

v6.1
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.10
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.11