LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53723: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini, driver unconditionally disables ecc_irq which is only enabled on those asics enabling sdma ecc. This will introduce a warning in suspend cycle on those chips with sdma ip v4.0, while without sdma ecc. So this patch correct this. [ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu] [ 7283.167001] RSP: 0018:ffff9a5fc3967d08 EFLAGS: 00010246 [ 7283.167019] RAX: ffff98d88afd3770 RBX: 0000000000000001 RCX: 0000000000000000 [ 7283.167023] RDX: 0000000000000000 RSI: ffff98d89da30390 RDI: ffff98d89da20000 [ 7283.167025] RBP: ffff98d89da20000 R08: 0000000000036838 R09: 0000000000000006 [ 7283.167028] R10: ffffd5764243c008 R11: 0000000000000000 R12: ffff98d89da30390 [ 7283.167030] R13: ffff98d89da38978 R14: ffffffff999ae15a R15: ffff98d880130105 [ 7283.167032] FS: 0000000000000000(0000) GS:ffff98d996f00000(0000) knlGS:0000000000000000 [ 7283.167036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7283.167039] CR2: 00000000f7a9d178 CR3: 00000001c42ea000 CR4: 00000000003506e0 [ 7283.167041] Call Trace: [ 7283.167046] <TASK> [ 7283.167048] sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu] [ 7283.167704] amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu] [ 7283.168296] amdgpu_device_suspend+0x103/0x180 [amdgpu] [ 7283.168875] amdgpu_pmops_freeze+0x21/0x60 [amdgpu] [ 7283.169464] pci_pm_freeze+0x54/0xc0

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue affects AMD GPU driver suspend handling. On some AMDGPU systems, the driver tries to disable an ECC interrupt that was never enabled, producing a kernel warning during suspend or freeze. The provided sources do not show data theft, remote exploitation, or confirmed service outage impact.

Executive priority

Treat this as routine kernel maintenance unless affected AMD GPU systems show suspend instability. There is no sourced evidence of active exploitation, remote attack, or broad business impact in the provided bundle.

Technical view

In drm/amdgpu, sdma_v4_0_hw_fini unconditionally called amdgpu_irq_put for SDMA ECC IRQ. SDMA v4.0 is shared across ASICs, including chips without SDMA ECC enabled. The fix gates ECC IRQ disablement on SDMA RAS capability during suspend.

Likely exposure

Exposure appears limited to Linux systems using the amdgpu driver on SDMA v4.0 AMD GPU hardware, especially systems entering suspend, freeze, or similar power-management paths. Package-level affected status depends on distribution kernel backports.

Exploitation context

No active exploitation is cited. The source bundle marks KEV false and describes a suspend-cycle kernel warning, not an attacker-controlled exploit path. No public exploit status, CVSS score, or CWE is provided.

Researcher notes

The record identifies affected Linux kernel ranges and multiple stable commits, but gives no CVSS, CWE, exploitability analysis, or user-trigger model. Analysis should stay focused on amdgpu SDMA v4.0 suspend behavior and distribution backport status.

Mitigation direction

  • Update to a vendor-supported kernel containing the referenced stable amdgpu fix.
  • Check Linux distribution advisories for backported fixes in your exact kernel package.
  • Prioritize AMD GPU workstations, laptops, and GPU nodes that use suspend or hibernate.
  • Escalate only if suspend failures or operational instability are observed.

Validation and detection

  • Inventory Linux systems using the amdgpu kernel driver and AMD GPU hardware.
  • Confirm whether the running kernel includes the referenced stable fix commits.
  • Review suspend or freeze logs for amdgpu_irq_put and sdma_v4_0_hw_fini warnings.
  • Validate remediation through vendor package metadata, not upstream version numbers alone.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53723 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
8Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21, d38ceaf99ed015f2a0b9af3499791bd3a3daae21unaffected
LinuxLinux4.2, 0, 5.4.243, 5.10.180, 5.15.112, 6.1.29, 6.2.16, 6.3.3, 6.4affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.