CVE-2023-53095: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53095 is a vulnerability in the Linux kernel's DRM/TTM subsystem, discovered and disclosed on May 2, 2025. The issue involves a NULL pointer dereference in the TTM buffer object management code, specifically affecting the LRU (Least Recently Used) mechanism when looking up resources being removed from objects (NVD).

The vulnerability stems from unclear locking rules in the TTM buffer object management where res->bo assignment is protected by the LRU lock, while bo->resource is protected by the object lock. The clearing of bo->resource is also protected by the LRU lock. This condition could lead to a NULL pointer dereference in ttmboswapout() function. The issue has been assigned a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat).

The vulnerability can cause a NULL pointer dereference in the Linux kernel's TTM buffer object management system, potentially leading to system crashes or denial of service conditions. The impact is limited to local attacks and requires local user privileges to exploit (RedHat).

The vulnerability has been fixed in the Linux kernel by implementing a check that verifies bo->resource points to the LRU resource under the LRU lock before deciding to swap out a buffer object. This prevents the NULL pointer dereference in ttmboswapout(). Various Linux distributions have marked their systems as either 'Not affected' or have applied the necessary patches (Ubuntu).