CVE-2023-52921

drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278 patch
https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96 patch
https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399 patch

Frequently Asked Questions

What is the severity of CVE-2023-52921?
CVE-2023-52921 has been scored as a high severity vulnerability.
How to fix CVE-2023-52921?
To fix CVE-2023-52921, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52921 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52921 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52921?
CVE-2023-52921 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.