{
  "threat_severity" : "Low",
  "public_date" : "2025-10-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/amdgpu: unmap and remove csa_va properly",
    "id" : "2401539",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401539"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: unmap and remove csa_va properly\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\nv2: check fpriv->csa_va is not NULL instead of amdgpu_mcbp (christian)\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097]  <TASK>\n[14616.937102]  amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187]  drm_file_free+0x1d6/0x300 [drm]\n[14616.937207]  drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220]  drm_release+0x5e/0x100 [drm]\n[14616.937234]  __fput+0x9f/0x280\n[14616.937239]  ____fput+0xe/0x20\n[14616.937241]  task_work_run+0x61/0x90\n[14616.937246]  exit_to_user_mode_prepare+0x215/0x220\n[14616.937251]  syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254]  do_syscall_64+0x48/0x90\n[14616.937257]  entry_SYSCALL_64_after_hwframe+0x63/0xcd", "A locking violation was found in the Linux kernel's AMD GPU driver in the context save area cleanup path. \nA local user can trigger this issue when closing GPU contexts, causing the driver to unmap and remove virtual memory mappings without first reserving the root page directory buffer object. This violates kernel locking rules and triggers lockdep warnings, potentially leading to system instability and denial of service." ],
  "statement" : "AMD GPUs use a context save area (CSA) to preserve GPU state across context switches. When a process closes its GPU file descriptor, the cleanup code needs to unmap the CSA virtual address and remove it from the GPU's virtual memory system. The amdgpu_vm_bo_del function—which handles this unmapping—requires that the root page directory BO be reserved (locked) before it can safely modify the VM structure. However, the cleanup path in amdgpu_driver_postclose_kms was calling this function without holding the required lock. This creates a race condition window where concurrent GPU operations could be accessing the same VM structures. Lockdep immediately catches this violation and emits warnings. While the immediate symptom is warning messages, the underlying race could cause memory corruption or use-after-free conditions.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53545\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53545\nhttps://lore.kernel.org/linux-cve-announce/2025100445-CVE-2023-53545-8d50@gregkh/T" ],
  "name" : "CVE-2023-53545",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the amdgpu module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}