CVE-2023-52673: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel's drm/amd/display subsystem, specifically related to a null pointer dereference issue in debugfs. The vulnerability, tracked as CVE-2023-52673, was discovered and involves the getsubvpen() callback function in the AMD display driver. The issue was officially recorded on March 7, 2024, affecting various Linux kernel versions (CVE Mitre, Debian Tracker).

The vulnerability stems from a null pointer error in the Linux kernel's AMD display driver, specifically in the debugfs functionality. The issue occurs when the getsubvpen() callback is called without first verifying its existence. The fix involves adding a check to verify whether the getsubvpen() callback exists before attempting to call it, as demonstrated in the kernel patch (Kernel Patch).

The vulnerability affects multiple Linux distributions and versions, including Debian Bullseye (5.10.223-1 and 5.10.234-1) and Bookworm (6.1.123-1 and 6.1.128-1), which were marked as vulnerable. The issue has been fixed in newer versions such as Debian Trixie (6.12.12-1) and Sid (6.12.16-1) (Debian Tracker).

The vulnerability has been patched in the Linux kernel with commit 43235db21fc23559f50a62f8f273002eeb506f5a. The fix implements a proper check for the getsubvpen() callback's existence before attempting to use it. Users are advised to upgrade to the fixed versions: Debian Trixie (6.12.12-1) or later, or Debian Sid (6.12.16-1) or later (Kernel Patch).