CVE-2023-53851
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: Drop aux devices together with DP controller
Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt.
But the struct device which the devres is tied to is the DPU's (drm_dev->dev), which may happen after the DP controller is torn down.
Indications of this can be seen in the commonly seen EDID-hexdump full of zeros in the log, or the occasional/rare KASAN fault where the panel's attempt to read the EDID information causes a use after free on DP resources.
It's tempting to move the devres to the DP controller's struct device, but the resources used by the device(s) on the aux bus are explicitly torn down in the error path. The KASAN-reported use-after-free also remains, as the DP aux "module" explicitly frees its devres-allocated memory in this code path.
As such, explicitly depopulate the aux bus in the error path, and in the component unbind path, to avoid these issues.
Patchwork: https://patchwork.freedesktop.org/patch/542163/
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in DRM MSM DP controller due to improper cleanup ordering; fixed by explicitly depopulating aux bus.
Vulnerability
Description
CVE-2023-53851 is a use-after-free vulnerability in the Linux kernel's DRM MSM DP controller. The issue arises from incorrect resource cleanup ordering: using devres to depopulate the aux bus tied the cleanup to the DPU's DRM device (drm_dev->dev), whose devres release may happen after the DP controller is torn down. The auxiliary devices (e.g., the eDP panel) can therefore outlive the DP resources they depend on and keep using them after they are freed, particularly around probe deferral or component unbind.
Exploitation
An attacker could trigger this vulnerability by causing a probe deferral or unbind of the DP controller, leading to a scenario where devices on the aux bus access DP controller resources after those resources have been freed. For instance, reading the EDID via the aux bus could access freed memory, resulting in corrupted data (e.g., EDID hexdump of zeros) or a KASAN-detected use-after-free.
Impact
The primary impact is a use-after-free condition, which can lead to system crashes, memory corruption, or potential privilege escalation if exploited. The vulnerability can be triggered locally by an authenticated user with sufficient privileges to cause device probe/deferral cycles.
Mitigation
The fix is to explicitly depopulate the aux bus in the error and component unbind paths, ensuring that auxiliary devices are cleaned up before the DP controller resources are freed. Patches are available in the stable kernel commits [1] and [2]. Users should update to the latest stable kernel version containing these commits.
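The ordering problem described above, as a userspace C model added here for illustration (it is not the kernel patch or code from this page): each toy device has a devres-style action list released in reverse order, and every `toy_*` name, the structs and `teardown()` are hypothetical. It counts panel EDID reads that land after the aux resources are gone, with depopulation deferred to the DPU device versus done explicitly before the DP controller is released.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_ACTIONS 4
typedef void (*action_fn)(void *);

/* Toy stand-in for a struct device with a devres action list (not a kernel API). */
struct toy_device { action_fn fn[MAX_ACTIONS]; void *arg[MAX_ACTIONS]; int n; };

static void toy_add_action(struct toy_device *d, action_fn fn, void *arg) {
    if (d->n < MAX_ACTIONS) { d->fn[d->n] = fn; d->arg[d->n] = arg; d->n++; }
}

/* Releasing a device runs its actions in reverse registration order. */
static void toy_release(struct toy_device *d) {
    while (d->n > 0) { d->n--; d->fn[d->n](d->arg[d->n]); }
}

struct toy_aux { bool alive; };                    /* DP aux resources */
struct toy_panel { struct toy_aux *aux; bool bound; int stale_reads; };

static void aux_free(void *a) { ((struct toy_aux *)a)->alive = false; }
static void depopulate(void *p) { ((struct toy_panel *)p)->bound = false; }

/* A bound panel reading EDID over a dead aux channel models the use-after-free. */
static void panel_read_edid(struct toy_panel *p) {
    if (p->bound && !p->aux->alive) p->stale_reads++;
}

/* Returns the number of EDID reads that hit torn-down DP resources. */
static int teardown(bool explicit_depopulate) {
    struct toy_device dpu = {0}, dp = {0};
    struct toy_aux aux = { true };
    struct toy_panel panel = { &aux, true, 0 };

    toy_add_action(&dp, aux_free, &aux);
    if (explicit_depopulate)
        depopulate(&panel);                        /* fixed: done in the unbind/error path */
    else
        toy_add_action(&dpu, depopulate, &panel);  /* before: deferred to the DPU device */

    toy_release(&dp);          /* DP controller is torn down first */
    panel_read_edid(&panel);   /* panel activity in the window before DPU release */
    toy_release(&dpu);         /* DPU device released later */
    return panel.stale_reads;
}

int main(void) {
    printf("devres on DPU: %d stale read(s)\n", teardown(false));
    printf("explicit depopulate: %d stale read(s)\n", teardown(true));
    return 0;
}
```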
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (3)
e09ed0693880, 2fde37445807, a7bfb2ad2184
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
News mentions (0)
No linked articles in our index yet.