Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-53851
CVE-2023-53851:
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: Drop aux devices together with DP controller
Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt.
But the struct device which the devres is tied to is the DPUs (drm_dev->dev), which may be happen after the DP controller is torn down.
Indications of this can be seen in the commonly seen EDID-hexdump full of zeros in the log, or the occasional/rare KASAN fault where the panel's attempt to read the EDID information causes a use after free on DP resources.
It's tempting to move the devres to the DP controller's struct device, but the resources used by the device(s) on the aux bus are explicitly torn down in the error path. The KASAN-reported use-after-free also remains, as the DP aux "module" explicitly frees its devres-allocated memory in this code path.
As such, explicitly depopulate the aux bus in the error path, and in the component unbind path, to avoid these issues.
Source: NVD
Related Linux Debian vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management