Improper error handling in Linux kernel pm legacy-dpm driver



| Updated: 2025-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-52657
CWE-ID CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU92943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52657

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the si_dpm_enable() and si_dpm_process_interrupt() functions in drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.8 rc5

CPE2.3 External links

https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94
https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f
https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6
https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.21
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###