{ "threat_severity" : "Moderate", "public_date" : "2025-09-17T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/ttm: check null pointer before accessing when swapping", "id" : "2396113", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396113" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/ttm: check null pointer before accessing when swapping\nAdd a check to avoid null pointer dereference as below:\n[ 90.002283] general protection fault, probably for non-canonical\naddress 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[ 90.002292] KASAN: null-ptr-deref in range\n[0x0000000000000000-0x0000000000000007]\n[ 90.002346] ? exc_general_protection+0x159/0x240\n[ 90.002352] ? asm_exc_general_protection+0x26/0x30\n[ 90.002357] ? ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]\n[ 90.002365] ? ttm_bo_evict_swapout_allowable+0x42e/0x5e0 [ttm]\n[ 90.002373] ttm_bo_swapout+0x134/0x7f0 [ttm]\n[ 90.002383] ? __pfx_ttm_bo_swapout+0x10/0x10 [ttm]\n[ 90.002391] ? lock_acquire+0x44d/0x4f0\n[ 90.002398] ? ttm_device_swapout+0xa5/0x260 [ttm]\n[ 90.002412] ? lock_acquired+0x355/0xa00\n[ 90.002416] ? do_raw_spin_trylock+0xb6/0x190\n[ 90.002421] ? __pfx_lock_acquired+0x10/0x10\n[ 90.002426] ? ttm_global_swapout+0x25/0x210 [ttm]\n[ 90.002442] ttm_device_swapout+0x198/0x260 [ttm]\n[ 90.002456] ? __pfx_ttm_device_swapout+0x10/0x10 [ttm]\n[ 90.002472] ttm_global_swapout+0x75/0x210 [ttm]\n[ 90.002486] ttm_tt_populate+0x187/0x3f0 [ttm]\n[ 90.002501] ttm_bo_handle_move_mem+0x437/0x590 [ttm]\n[ 90.002517] ttm_bo_validate+0x275/0x430 [ttm]\n[ 90.002530] ? __pfx_ttm_bo_validate+0x10/0x10 [ttm]\n[ 90.002544] ? kasan_save_stack+0x33/0x60\n[ 90.002550] ? kasan_set_track+0x25/0x30\n[ 90.002554] ? __kasan_kmalloc+0x8f/0xa0\n[ 90.002558] ? amdgpu_gtt_mgr_new+0x81/0x420 [amdgpu]\n[ 90.003023] ? ttm_resource_alloc+0xf6/0x220 [ttm]\n[ 90.003038] amdgpu_bo_pin_restricted+0x2dd/0x8b0 [amdgpu]\n[ 90.003210] ? __x64_sys_ioctl+0x131/0x1a0\n[ 90.003210] ? do_syscall_64+0x60/0x90" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53352\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53352\nhttps://lore.kernel.org/linux-cve-announce/2025091720-CVE-2023-53352-9be5@gregkh/T" ], "name" : "CVE-2023-53352", "csaw" : false }