CVE-2023-53755

Vulnerability

A null-pointer dereference vulnerability exists in the Linux kernel's PTDMA (AMD Platform Trusted DMA) driver. The pt_issue_pending() function incorrectly assumes that at least one descriptor will always be present in the Submitted queue when it is invoked. However, it is possible for both the Submitted and Issued queues to be empty, leading to pt_cmd_callback() being called with a NULL pointer argument, which triggers a kernel panic [1].

Exploitation

This issue can be triggered on AMD systems after the PTDMA driver has been exercised, typically during host shutdown. An attacker with local access or the ability to trigger driver operations could potentially induce the panic condition, though the vulnerability manifests most commonly as a reliability bug rather than a direct security exploit path [1].

Impact

If successfully triggered, the bug causes a kernel panic, resulting in a denial of service (system crash). No privilege escalation or data leakage is described in the available sources [1].

Mitigation

The fix is present in the upstream Linux kernel stable tree. Administrators should apply the latest stable kernel updates to their systems. No workarounds are documented; the patch simply adds a null pointer check before calling pt_cmd_callback() to avoid the dereference [1].