CVE & CISA-KEV Catalog

CVE-2023-53991

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC blocks, until their allocation/assignment is being sanity-checked in "drm/msm/dpu: Reject topologies for which no DSC blocks are available") remain NULL but will still be returned out of dpu_rm_get_assigned_resources, where the caller expects to get an array containing num_blks valid pointers (but instead gets these NULLs). To prevent this from happening, where null-pointer dereferences typically result in a hard-to-debug platform lockup, num_blks shouldn't increase past NULL blocks and will print an error and break instead. After all, max_blks represents the static size of the maximum number of blocks whereas the actual amount varies per platform. ^1: which can happen after a git rebase ended up moving additions to _dpu_cfg to a different struct which has the same patch context. Patchwork: https://patchwork.freedesktop.org/patch/517636/

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.178-1CVE-2023-53991
Fixed in:6.1.20-1CVE-2023-53991
Fixed in:6.1.20-1CVE-2023-53991
Fixed in:6.1.20-1CVE-2023-53991

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2023-53991
CVE-2023-53991 severity badge

Markdown

[![CVE-2023-53991](https://tridentstack.com/cve/badge/CVE-2023-53991.svg)](https://tridentstack.com/cve/CVE-2023-53991)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-53991"><img src="https://tridentstack.com/cve/badge/CVE-2023-53991.svg" alt="CVE-2023-53991"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-29.