{ "threat_severity" : "Low", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: drm: amd: display: Fix memory leakage", "id" : "2401553", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401553" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-771", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm: amd: display: Fix memory leakage\nThis commit fixes memory leakage in dc_construct_ctx() function.", "A memory leak flaw was found in the Linux kernel's AMD display driver in the display context construction logic. A local user can trigger this issue during AMD GPU initialization when the dc_construct_ctx function fails to release allocated memory in error paths. This results in permanent memory leaks leading to resource exhaustion and denial of service." ], "statement" : "The dc_construct_ctx function is responsible for initializing the display controller context during AMD GPU driver initialization. When errors occur during this process, certain code paths fail to free previously allocated memory structures before returning. Since this function is called during driver initialization and errors are typically fatal (preventing the driver from loading successfully), the leaked memory persists until system reboot. While the leak occurs once per failed initialization rather than repeatedly during runtime, it represents wasted memory resources that cannot be reclaimed without rebooting.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53605\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53605\nhttps://lore.kernel.org/linux-cve-announce/2025100432-CVE-2023-53605-a660@gregkh/T" ], "name" : "CVE-2023-53605", "mitigation" : { "value" : "To mitigate this issue, prevent the amdgpu module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.", "lang" : "en:us" }, "csaw" : false }