{ "threat_severity" : "Low", "public_date" : "2025-12-09T00:00:00Z", "bugzilla" : { "description" : "kernel: drm: bridge: dw_hdmi: fix connector access for scdc", "id" : "2420246", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420246" }, "cvss3" : { "cvss3_base_score" : "4.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm: bridge: dw_hdmi: fix connector access for scdc\nCommit 5d844091f237 (\"drm/scdc-helper: Pimp SCDC debugs\") changed the scdc\ninterface to pick up an i2c adapter from a connector instead. However, in\nthe case of dw-hdmi, the wrong connector was being used to pass i2c adapter\ninformation, since dw-hdmi's embedded connector structure is only populated\nwhen the bridge attachment callback explicitly asks for it.\ndrm-meson is handling connector creation, so this won't happen, leading to\na NULL pointer dereference.\nFix it by having scdc functions access dw-hdmi's current connector pointer\ninstead, which is assigned during the bridge enablement stage.\n[narmstrong: moved Fixes tag before first S-o-b and added Reported-by tag]", "A vulnerability was found in the Linux kernel's DRM subsystem, specifically within the DW HDMI bridge driver .A prior commit intended to improve SCDC (Source Connection Description Channel) debugging changed the interface to retrieve an I2C adapter from a connector structure. However, in the dw_hdmi implementation, the wrong connector pointer was inadvertently used to access the I2C adapter information. This incorrect usage, particularly when the Digital Visual Interface or DisplayPort connector was not properly initialized via the bridge attachment callback, resulting in a NULL pointer dereference." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53784\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53784\nhttps://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53784-a381@gregkh/T" ], "name" : "CVE-2023-53784", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }