| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091858-CVE-2023-53389-26a2@gregkh> Date: Thu, 18 Sep 2025 15:34:34 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53389: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been attached to a DRM device. As drm_helper_hpd_irq_event() does not check whether the passed in drm_device is valid or not, a NULL pointer passed in results in a kernel NULL pointer dereference in it. Check whether the bridge is attached and only trigger an HPD event if it is. The Linux kernel CVE team has assigned CVE-2023-53389 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1 with commit f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b and fixed in 6.1.28 with commit 6524d3d58797975cc40b85be1e9b89721b4e8d0b Issue introduced in 6.1 with commit f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b and fixed in 6.2.15 with commit 3551789d0635dfb2df8ab8e7fdbf0647e9c1724c Issue introduced in 6.1 with commit f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b and fixed in 6.3.2 with commit d1c04e338016ae2517c641806a831b1f3eee2bed Issue introduced in 6.1 with commit f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b and fixed in 6.4 with commit 36b617f7e4ae663fcadd202ea061ca695ca75539 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53389 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/mediatek/mtk_dp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6524d3d58797975cc40b85be1e9b89721b4e8d0b https://git.kernel.org/stable/c/3551789d0635dfb2df8ab8e7fdbf0647e9c1724c https://git.kernel.org/stable/c/d1c04e338016ae2517c641806a831b1f3eee2bed https://git.kernel.org/stable/c/36b617f7e4ae663fcadd202ea061ca695ca75539
Powered by blists - more mailing lists