CVE-2023-52825: drm/amdkfd: Fix a race condition of vram buffer unref in svm code
First published: Tue May 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix a race condition of vram buffer unref in svm code prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svm_bo unref operation to avoid random "use-after-free".
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | <5.15.140 | |
| Linux Kernel | >=5.16<6.1.64 | |
| Linux Kernel | >=6.2<6.5.13 | |
| Linux Kernel | >=6.6<6.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/7d43cdd22cd81a2b079e864c4321b9aba4c6af34
- https://git.kernel.org/stable/c/50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e
- https://git.kernel.org/stable/c/c772eacbd6d0845fc922af8716bb9d29ae27b8cf
- https://git.kernel.org/stable/c/fc0210720127cc6302e6d6f3de48f49c3fcf5659
- https://git.kernel.org/stable/c/709c348261618da7ed89d6c303e2ceb9e453ba74
Frequently Asked Questions
What is the severity of CVE-2023-52825?
CVE-2023-52825 is classified as a moderate severity vulnerability due to its impact on the Linux kernel's vram buffer management.
How do I fix CVE-2023-52825?
To mitigate the effects of CVE-2023-52825, you should upgrade to the latest patched version of the Linux kernel as per the vendor's recommendations.
Which versions of the Linux kernel are affected by CVE-2023-52825?
CVE-2023-52825 affects various versions of the Linux kernel, specifically those before 5.15.140 and between 5.16 and 6.1.64, 6.2 and 6.5.13, as well as 6.6 and 6.6.3.
What components are involved in CVE-2023-52825?
CVE-2023-52825 specifically involves the drm and amdkfd components related to the Linux kernel's memory management.
Is there a workaround for CVE-2023-52825?
There are currently no known workarounds for CVE-2023-52825, and it is recommended to update the Linux kernel to the fixed version.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/severity
- agent/event
- agent/weakness
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.6