Information Leak in Linux Kernel's Graphics Driver Component
CVE-2023-53324

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2023-53324?

A vulnerability in the Linux kernel's graphics driver component, specifically within the drm/msm/mdp5 subsystem, allows for the unintentional leakage of plane state information. This issue stems from improper handling of the plane_state->commit reference count, which can lead to sensitive data exposure. The vulnerability was introduced when the reference tracking mechanism was modified, highlighting the necessity of using appropriate helpers to prevent such leaks. A patch has been made available to address this issue, ensuring better management of state within the graphics processing framework.

Affected Version(s)

Linux 21a01abbe32a3cbeb903378a24e504bfd9fe0648 < 7fc11a830b2eb07a0e3c6f917e5e636df6fc5d4c

Linux 21a01abbe32a3cbeb903378a24e504bfd9fe0648

Linux 21a01abbe32a3cbeb903378a24e504bfd9fe0648 < 815e42029f6e1e762898079f85546d6a0391ab95

References

https://git.kernel.org/stable/c/7fc11a830b2eb07a0e3c6f917...

https://git.kernel.org/stable/c/b8a61df6f40448cf46611f7af...

https://git.kernel.org/stable/c/815e42029f6e1e762898079f8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025