VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2023-53806

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: populate subvp cmd info only for the top pipe

[Why] System restart observed while changing the display resolution to 8k with extended mode. System restart was caused by a page fault.

[How] When the driver populates subvp info it did it for both the pipes using vblank, which caused an out-of-bounds array access causing the page fault. Added checks to allow the top pipe only to fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel drm/amd/display vulnerability: populating subvp cmd info for both pipes causes out-of-bounds access and system restart when switching to 8k extended mode.

Vulnerability Details

The vulnerability is in the Linux kernel's AMD Display driver (drm/amd/display). When changing the display resolution to 8K with extended mode enabled, the driver incorrectly populates subvp command information for both display pipes using a vblank counter. This results in an out-of-bounds array access, leading to a page fault and subsequent system restart [1].

Exploitation Conditions

The issue triggers during a resolution change to 8K in extended mode. This can be initiated by any user with the ability to change display settings, requiring no special privileges beyond local access. No authentication or network attack surface is involved; it is a local denial-of-service condition.

Impact

A successful trigger of this vulnerability causes a system restart (kernel panic) due to a page fault, resulting in denial of service. No other impacts (e.g., privilege escalation or data corruption) have been reported.

Mitigation

The fix was included in the Linux kernel stable commit [1]. Users are advised to update to a kernel version containing this commit or a later stable release that includes the patch.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred, 2 versions)

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
