Improper resource shutdown or release in Linux kernel amd amdgpu driver



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-53036
CWE-ID CWE-404
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper resource shutdown or release

EUVDB-ID: #VU108509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53036

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the amdgpu_bo_release_notify() function in drivers/gpu/drm/amd/amdgpu/amdgpu_object.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.21

CPE2.3 External links

https://git.kernel.org/stable/c/93bb18d2a873d2fa9625c8ea927723660a868b95
https://git.kernel.org/stable/c/9a02dae3bbfe2df8e1c81e61a08695709e9588f9
https://git.kernel.org/stable/c/f06b902511ea05526f405ee64da54a8313d91831
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###