CVE-2023-54202

Source
https://cve.org/CVERecord?id=CVE-2023-54202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-54202
Published
2025-12-30T12:09:06.872Z
Modified
2026-03-20T12:33:29.689476Z
Summary
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: fix race condition UAF in i915_perf_add_config_ioctl

Userspace can guess the id value and try to race oa_config object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking the metrics_lock. For that reason, unlocking the metrics_lock must be done after we are done dereferencing the object.

[tursulin: Manually added stable tag.] (cherry picked from commit 49f6f6483b652108bcb73accd0204a464b922395)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54202.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f89823c212246d0671cc51e69894a3df1a743aee
Fixed
6eeb1cba4c9dc47656ea328afa34953c28783d8c
Fixed
240b1502708858b5e3f10b6dc5ca3f148a322fef
Fixed
7eb98f5ac551863efe8be810cea1cd5411d677b1
Fixed
dc30c011469165d57af9adac5baff7d767d20e5c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54202.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.14.0
Fixed
5.15.108
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.24
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.11

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54202.json"