CVE-2023-53036: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's AMD GPU driver (CVE-2023-53036) was identified and resolved, specifically affecting the device removal process for AMD GPUs with RAS (Reliability, Availability, and Serviceability) enabled. The issue was discovered and published to the CVE List on May 2, 2025 (NVD).

The vulnerability manifests as a call trace warning and system hang when shutting down an AMD GPU device with RAS enabled. The fix involves modifying the DRM device unplugged flag check instead of using the shutdown flag to prevent memory wipe during the shutdown stage. The issue has been assigned a CVSS v3.1 base score of 5.5 with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

When exploited, this vulnerability results in system hangs during the AMD GPU device shutdown process, potentially affecting system availability and stability. The impact is particularly relevant for systems using AMD GPUs with RAS functionality enabled (NVD).

The vulnerability has been fixed in various Linux distributions. Debian has addressed this in version 6.1.137-1 for bookworm and 6.12.27-1 for trixie and sid releases. Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages (Debian, RedHat).