CVE-2023-52691

drm/amd/pm: fix a double-free in si_dpm_init

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0 patch
https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706 patch
https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4 patch
https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334 patch
https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2 patch
https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9 patch
https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a patch
https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2023-52691?
CVE-2023-52691 has been scored as a high severity vulnerability.
How to fix CVE-2023-52691?
To fix CVE-2023-52691, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52691 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52691 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52691?
CVE-2023-52691 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.