{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs",
    "id" : "2402243",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402243"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs\nThe gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still\nuse amdgpu_irq_put to disable this interrupt, which caused the call trace\nin this function.\n[  102.873958] Call Trace:\n[  102.873959]  <TASK>\n[  102.873961]  gfx_v11_0_hw_fini+0x23/0x1e0 [amdgpu]\n[  102.874019]  gfx_v11_0_suspend+0xe/0x20 [amdgpu]\n[  102.874072]  amdgpu_device_ip_suspend_phase2+0x240/0x460 [amdgpu]\n[  102.874122]  amdgpu_device_ip_suspend+0x3d/0x80 [amdgpu]\n[  102.874172]  amdgpu_device_pre_asic_reset+0xd9/0x490 [amdgpu]\n[  102.874223]  amdgpu_device_gpu_recover.cold+0x548/0xce6 [amdgpu]\n[  102.874321]  amdgpu_debugfs_reset_work+0x4c/0x70 [amdgpu]\n[  102.874375]  process_one_work+0x21f/0x3f0\n[  102.874377]  worker_thread+0x200/0x3e0\n[  102.874378]  ? process_one_work+0x3f0/0x3f0\n[  102.874379]  kthread+0xfd/0x130\n[  102.874380]  ? kthread_complete_and_exit+0x20/0x20\n[  102.874381]  ret_from_fork+0x22/0x30\nv2:\n- Handle umc and gfx ras cases in separated patch\n- Retired the gfx_v11_0_cp_ecc_error_irq_funcs in gfx11\nv3:\n- Improve the subject and code comments\n- Add judgment on gfx11 in the function of amdgpu_gfx_ras_late_init\nv4:\n- Drop the define of CP_ME1_PIPE_INST_ADDR_INTERVAL and\nSET_ECC_ME_PIPE_STATE which using in gfx_v11_0_set_cp_ecc_error_state\n- Check cp_ecc_error_irq.funcs rather than ip version for a more\nsustainable life\nv5:\n- Simplify judgment conditions", "A logic error was found in the Linux kernel amdgpu graphics driver's interrupt handling for GFX version 11 hardware. A local user with access to an AMD GPU can trigger a GPU device reset or suspend operation, causing the driver to attempt cleanup of a retired interrupt handler that no longer exists, which results in a kernel call trace and denial of service through system crash or GPU malfunction." ],
  "statement" : "The issue arises because the gfx_v11_0_cp_ecc_error_irq interrupt handler was retired in GFX11 hardware, but the cleanup path in gfx_v11_0_hw_fini still attempts to disable this non-existent interrupt via amdgpu_irq_put. When GPU recovery or device suspend operations execute on affected hardware, the driver follows the standard teardown sequence and hits this stale reference, producing a call trace. Any workload that triggers GPU reset (such as through debugfs, recovery from GPU hang, or system suspend) will encounter this condition. The impact is limited to availability; there is no evidence of memory corruption or information disclosure, only disruption of GPU functionality.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53628\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53628\nhttps://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53628-a5b2@gregkh/T" ],
  "name" : "CVE-2023-53628",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the amdgpu module from loading. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}