{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP",
    "id" : "2426033",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426033"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-909",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP\nFixes OOPS on boards with ANX9805 DP encoders.", "A flaw was found in the Linux kernel's nouveau graphics driver for NVIDIA GPUs. The hpd_irq_lock spinlock is not initialized for PIOR (Parallel Interface Output Resource) DisplayPort connectors. This missing initialization causes a kernel oops on systems with ANX9805 DP encoders when hotplug detection operations access the uninitialized lock." ],
  "statement" : "This issue affects a narrow subset of systems: those with NVIDIA graphics cards using the nouveau driver combined with ANX9805 DisplayPort encoder hardware. Most users will not encounter this bug as it requires specific external DP encoder hardware. The crash occurs during display hotplug events on affected systems.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54263\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54263\nhttps://lore.kernel.org/linux-cve-announce/2025123058-CVE-2023-54263-0976@gregkh/T" ],
  "name" : "CVE-2023-54263",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the nouveau module from being loaded and use an alternative driver if available. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}