CVE-2023-53552: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: mark requests for GuC virtual engines to avoid use-after-free
References to i915_requests may be trapped by userspace inside a
sync_file or dmabuf (dma-resv) and held indefinitely across different
proceses. To counter-act the memory leaks, we try to not to keep
references from the request past their completion.
On the other side on fence release we need to know if rq->engine
is valid and points to hw engine (true for non-virtual requests).
To make it possible extra bit has been added to rq->execution_mask,
for marking virtual engines.
(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)
Security readout for executives and security teams
Plain-English summary
CVE-2023-53552 is a Linux kernel graphics driver flaw involving Intel i915 request handling. The public record describes a use-after-free condition corrected by marking GuC virtual-engine requests. Business impact depends on whether affected kernels and Intel i915 graphics paths are present. No source provided a CVSS score or confirmed exploitation.
Executive priority
Treat as a kernel patch-management item with uncertain severity. Prioritize environments where Linux graphical workloads, shared workstations, or GPU-enabled systems are important, but avoid emergency assumptions without vendor severity or exploitation evidence.
Technical view
The issue is in Linux drm/i915. Userspace can retain references to i915_requests through sync_file or dma-buf dma-resv objects. During fence release, the kernel must know whether rq->engine is valid hardware-engine state. The fix adds a marker bit in rq->execution_mask for virtual engines to avoid unsafe handling.
Likely exposure
Exposure is most likely on Linux systems running affected kernel versions with Intel i915 graphics and GuC virtual-engine paths. The provided data lists Linux kernel 6.0, 6.1.54, 6.5.4, and 6.6 as affected, but distro-specific backports require vendor mapping.
Exploitation context
The source bundle does not show CISA KEV listing, public exploitation, exploit maturity, or attack prerequisites. It only documents that the Linux kernel resolved a use-after-free condition in drm/i915 request lifecycle handling.
Researcher notes
The record attributes the flaw to stale i915_request references held by userspace-visible sync_file or dma-buf reservation objects. The key remediation evidence is upstream stable kernel commits, but the bundle lacks CVSS, CWE, exploit details, and precise downstream package status.
Mitigation direction
Check Linux distribution advisories for CVE-2023-53552 and relevant kernel packages.
Update to a vendor-supported kernel containing the referenced stable fixes.
Prioritize systems using Intel i915 graphics or GuC execution paths.
If no vendor advisory exists, track upstream stable commits and vendor backports.
Validation and detection
Inventory kernel versions across Linux endpoints and servers.
Identify systems with Intel i915 graphics driver usage.
Map installed kernels to distro advisories or included stable commit IDs.
Confirm patched systems no longer run affected kernel builds.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53552 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
4Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 4, 2025, 15:16 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.