CVE-2023-53095

Description

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res->bo assignment is protected by the LRU lock, whereas bo->resource is protected by the object lock, while *clearing* of bo->resource is also protected by the LRU lock. This means that if we check that bo->resource points to the LRU resource under the LRU lock we should be safe. So perform that check before deciding to swap out a bo. That avoids dereferencing a NULL bo->resource in ttm_bo_swapout().

Reserved 2025-05-02 | Published 2025-05-02 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

6a9b028994025f5033f10d1da30b29dfdc713384 before 9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f
affected

6a9b028994025f5033f10d1da30b29dfdc713384 before 9d9b1f9f7a72d83ebf173534e76b246349f32374
affected

6a9b028994025f5033f10d1da30b29dfdc713384 before 9a9a8fe26751334b7739193a94eba741073b8a55
affected

Default status
affected

5.19
affected

Any version before 5.19
unaffected

6.1.21
unaffected

6.2.8
unaffected

6.3
unaffected

References

git.kernel.org/...c/9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f

git.kernel.org/...c/9d9b1f9f7a72d83ebf173534e76b246349f32374

git.kernel.org/...c/9a9a8fe26751334b7739193a94eba741073b8a55

cve.org (CVE-2023-53095)

nvd.nist.gov (CVE-2023-53095)

Download JSON