{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/i915: Fix system suspend without fbdev being initialized",
    "id" : "2402217",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402217"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915: Fix system suspend without fbdev being initialized\nIf fbdev is not initialized for some reason - in practice on platforms\nwithout display - suspending fbdev should be skipped during system\nsuspend, fix this up. While at it add an assert that suspending fbdev\nonly happens with the display present.\nThis fixes the following:\n[   91.227923] PM: suspend entry (s2idle)\n[   91.254598] Filesystems sync: 0.025 seconds\n[   91.270518] Freezing user space processes\n[   91.272266] Freezing user space processes completed (elapsed 0.001 seconds)\n[   91.272686] OOM killer disabled.\n[   91.272872] Freezing remaining freezable tasks\n[   91.274295] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)\n[   91.659622] BUG: kernel NULL pointer dereference, address: 00000000000001c8\n[   91.659981] #PF: supervisor write access in kernel mode\n[   91.660252] #PF: error_code(0x0002) - not-present page\n[   91.660511] PGD 0 P4D 0\n[   91.660647] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[   91.660875] CPU: 4 PID: 917 Comm: bash Not tainted 6.2.0-rc7+ #54\n[   91.661185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20221117gitfff6d81270b5-9.fc37 unknown\n[   91.661680] RIP: 0010:mutex_lock+0x19/0x30\n[   91.661914] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 53 48 89 fb e8 62 d3 ff ff 31 c0 65 48 8b 14 25 00 15 03 00 <f0> 48 0f b1 13 75 06 5b c3 cc cc cc cc 48 89 df 5b eb b4 0f 1f 40\n[   91.662840] RSP: 0018:ffffa1e8011ffc08 EFLAGS: 00010246\n[   91.663087] RAX: 0000000000000000 RBX: 00000000000001c8 RCX: 0000000000000000\n[   91.663440] RDX: ffff8be455eb0000 RSI: 0000000000000001 RDI: 00000000000001c8\n[   91.663802] RBP: ffff8be459440000 R08: ffff8be459441f08 R09: ffffffff8e1432c0\n[   91.664167] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001\n[   91.664532] R13: 00000000000001c8 R14: 0000000000000000 R15: ffff8be442f4fb20\n[   91.664905] FS:  00007f28ffc16740(0000) GS:ffff8be4bb900000(0000) knlGS:0000000000000000\n[   91.665334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   91.665626] CR2: 00000000000001c8 CR3: 0000000114926006 CR4: 0000000000770ee0\n[   91.665988] PKRU: 55555554\n[   91.666131] Call Trace:\n[   91.666265]  <TASK>\n[   91.666381]  intel_fbdev_set_suspend+0x97/0x1b0 [i915]\n[   91.666738]  i915_drm_suspend+0xb9/0x100 [i915]\n[   91.667029]  pci_pm_suspend+0x78/0x170\n[   91.667234]  ? __pfx_pci_pm_suspend+0x10/0x10\n[   91.667461]  dpm_run_callback+0x47/0x150\n[   91.667673]  __device_suspend+0x10a/0x4e0\n[   91.667880]  dpm_suspend+0x134/0x270\n[   91.668069]  dpm_suspend_start+0x79/0x80\n[   91.668272]  suspend_devices_and_enter+0x11b/0x890\n[   91.668526]  pm_suspend.cold+0x270/0x2fc\n[   91.668737]  state_store+0x46/0x90\n[   91.668916]  kernfs_fop_write_iter+0x11b/0x200\n[   91.669153]  vfs_write+0x1e1/0x3a0\n[   91.669336]  ksys_write+0x53/0xd0\n[   91.669510]  do_syscall_64+0x58/0xc0\n[   91.669699]  ? syscall_exit_to_user_mode_prepare+0x18e/0x1c0\n[   91.669980]  ? syscall_exit_to_user_mode_prepare+0x18e/0x1c0\n[   91.670278]  ? syscall_exit_to_user_mode+0x17/0x40\n[   91.670524]  ? do_syscall_64+0x67/0xc0\n[   91.670717]  ? __irq_exit_rcu+0x3d/0x140\n[   91.670931]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[   91.671202] RIP: 0033:0x7f28ffd14284\nv2: CC stable. (Jani)\nReferences: https://gitlab.freedesktop.org/drm/intel/-/issues/8015\n(cherry picked from commit 9542d708409a41449e99c9a464deb5e062c4bee2)", "A NULL pointer dereference was found in the Linux kernel Intel i915 graphics driver's framebuffer device suspend handling. On platforms without display hardware where fbdev is not initialized, a local user with privileges to initiate system suspend can trigger the suspend path, causing the driver to attempt locking a mutex in the uninitialized fbdev structure, which results in a kernel NULL pointer dereference and denial of service through system crash." ],
  "statement" : "The issue arises because the i915 driver's suspend path unconditionally attempts to suspend the framebuffer device without checking whether fbdev was successfully initialized. On platforms lacking display hardware (such as certain server or embedded configurations), fbdev initialization is skipped entirely, leaving the structure NULL. When system suspend is initiated through standard mechanisms (writing to /sys/power/state), the power management subsystem calls into the i915 driver's suspend handler, which then calls intel_fbdev_set_suspend(). This function attempts to acquire a mutex at offset 0x1c8 within the NULL fbdev structure, triggering an immediate kernel NULL pointer dereference. The crash occurs reliably on affected hardware configurations whenever suspend is attempted. While this is a severe availability issue causing complete system failure, exploitation is limited to users with privileges to initiate system suspend operations, and there is no memory corruption or information disclosure beyond the crash itself.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53678\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53678\nhttps://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53678-b370@gregkh/T" ],
  "name" : "CVE-2023-53678",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the i915 module from loading. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}