LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53552: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different proceses. To counter-act the memory leaks, we try to not to keep references from the request past their completion. On the other side on fence release we need to know if rq->engine is valid and points to hw engine (true for non-virtual requests). To make it possible extra bit has been added to rq->execution_mask, for marking virtual engines. (cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2023-53552 is a Linux kernel graphics driver flaw involving Intel i915 request handling. The public record describes a use-after-free condition corrected by marking GuC virtual-engine requests. Business impact depends on whether affected kernels and Intel i915 graphics paths are present. No source provided a CVSS score or confirmed exploitation.

Executive priority

Treat as a kernel patch-management item with uncertain severity. Prioritize environments where Linux graphical workloads, shared workstations, or GPU-enabled systems are important, but avoid emergency assumptions without vendor severity or exploitation evidence.

Technical view

The issue is in Linux drm/i915. Userspace can retain references to i915_requests through sync_file or dma-buf dma-resv objects. During fence release, the kernel must know whether rq->engine is valid hardware-engine state. The fix adds a marker bit in rq->execution_mask for virtual engines to avoid unsafe handling.

Likely exposure

Exposure is most likely on Linux systems running affected kernel versions with Intel i915 graphics and GuC virtual-engine paths. The provided data lists Linux kernel 6.0, 6.1.54, 6.5.4, and 6.6 as affected, but distro-specific backports require vendor mapping.

Exploitation context

The source bundle does not show CISA KEV listing, public exploitation, exploit maturity, or attack prerequisites. It only documents that the Linux kernel resolved a use-after-free condition in drm/i915 request lifecycle handling.

Researcher notes

The record attributes the flaw to stale i915_request references held by userspace-visible sync_file or dma-buf reservation objects. The key remediation evidence is upstream stable kernel commits, but the bundle lacks CVSS, CWE, exploit details, and precise downstream package status.

Mitigation direction

  • Check Linux distribution advisories for CVE-2023-53552 and relevant kernel packages.
  • Update to a vendor-supported kernel containing the referenced stable fixes.
  • Prioritize systems using Intel i915 graphics or GuC execution paths.
  • If no vendor advisory exists, track upstream stable commits and vendor backports.

Validation and detection

  • Inventory kernel versions across Linux endpoints and servers.
  • Identify systems with Intel i915 graphics driver usage.
  • Map installed kernels to distro advisories or included stable commit IDs.
  • Confirm patched systems no longer run affected kernel builds.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53552 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
4Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxbcb9aa45d5a0e11ef91245330c53cde214d15e8d, bcb9aa45d5a0e11ef91245330c53cde214d15e8d, bcb9aa45d5a0e11ef91245330c53cde214d15e8dunaffected
LinuxLinux6.0, 0, 6.1.54, 6.5.4, 6.6affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.