{ "threat_severity" : "Moderate", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/amdgpu: Fix sdma v4 sw fini error", "id" : "2401511", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401511" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1341", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: Fix sdma v4 sw fini error\nFix sdma v4 sw fini error for sdma 4.2.2 to\nsolve the following general protection fault\n[ +0.108196] general protection fault, probably for non-canonical\naddress 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI\n[ +0.000018] RIP: 0010:free_fw_priv+0xd/0x70\n[ +0.000022] Call Trace:\n[ +0.000012] \n[ +0.000011] release_firmware+0x55/0x80\n[ +0.000021] amdgpu_ucode_release+0x11/0x20 [amdgpu]\n[ +0.000415] amdgpu_sdma_destroy_inst_ctx+0x4f/0x90 [amdgpu]\n[ +0.000360] sdma_v4_0_sw_fini+0xce/0x110 [amdgpu]", "An invalid pointer dereference flaw was found in the Linux kernel AMD GPU SDMA v4 driver's cleanup code. On systems with SDMA 4.2.2 hardware, driver unload or system shutdown triggers the sdma_v4_0_sw_fini() cleanup path, which attempts to release firmware using an uninitialized or corrupted pointer, causing a general protection fault with a non-canonical address and denial of service through kernel crash." ], "statement" : "For SDMA 4.2.2 hardware, sdma_v4_0_sw_fini() fails to properly handle firmware context cleanup. During driver finalization, the code calls amdgpu_sdma_destroy_inst_ctx() which attempts to release firmware via amdgpu_ucode_release(). The firmware pointer appears to be uninitialized or corrupted, causing free_fw_priv() to dereference an invalid address (0xd5e5a4ae79d24a32).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53547\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53547\nhttps://lore.kernel.org/linux-cve-announce/2025100446-CVE-2023-53547-38ce@gregkh/T" ], "name" : "CVE-2023-53547", "mitigation" : { "value" : "To mitigate this issue, prevent the amdgpu module from loading. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.", "lang" : "en:us" }, "csaw" : false }