CVE-2023-53723: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini,
driver unconditionally disables ecc_irq which is only enabled on
those asics enabling sdma ecc. This will introduce a warning in
suspend cycle on those chips with sdma ip v4.0, while without
sdma ecc. So this patch correct this.
[ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu]
[ 7283.167001] RSP: 0018:ffff9a5fc3967d08 EFLAGS: 00010246
[ 7283.167019] RAX: ffff98d88afd3770 RBX: 0000000000000001 RCX: 0000000000000000
[ 7283.167023] RDX: 0000000000000000 RSI: ffff98d89da30390 RDI: ffff98d89da20000
[ 7283.167025] RBP: ffff98d89da20000 R08: 0000000000036838 R09: 0000000000000006
[ 7283.167028] R10: ffffd5764243c008 R11: 0000000000000000 R12: ffff98d89da30390
[ 7283.167030] R13: ffff98d89da38978 R14: ffffffff999ae15a R15: ffff98d880130105
[ 7283.167032] FS: 0000000000000000(0000) GS:ffff98d996f00000(0000) knlGS:0000000000000000
[ 7283.167036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7283.167039] CR2: 00000000f7a9d178 CR3: 00000001c42ea000 CR4: 00000000003506e0
[ 7283.167041] Call Trace:
[ 7283.167046] <TASK>
[ 7283.167048] sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu]
[ 7283.167704] amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu]
[ 7283.168296] amdgpu_device_suspend+0x103/0x180 [amdgpu]
[ 7283.168875] amdgpu_pmops_freeze+0x21/0x60 [amdgpu]
[ 7283.169464] pci_pm_freeze+0x54/0xc0
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue affects AMD GPU driver suspend handling. On some AMDGPU systems, the driver tries to disable an ECC interrupt that was never enabled, producing a kernel warning during suspend or freeze. The provided sources do not show data theft, remote exploitation, or confirmed service outage impact.
Executive priority
Treat this as routine kernel maintenance unless affected AMD GPU systems show suspend instability. There is no sourced evidence of active exploitation, remote attack, or broad business impact in the provided bundle.
Technical view
In drm/amdgpu, sdma_v4_0_hw_fini unconditionally called amdgpu_irq_put for SDMA ECC IRQ. SDMA v4.0 is shared across ASICs, including chips without SDMA ECC enabled. The fix gates ECC IRQ disablement on SDMA RAS capability during suspend.
Likely exposure
Exposure appears limited to Linux systems using the amdgpu driver on SDMA v4.0 AMD GPU hardware, especially systems entering suspend, freeze, or similar power-management paths. Package-level affected status depends on distribution kernel backports.
Exploitation context
No active exploitation is cited. The source bundle marks KEV false and describes a suspend-cycle kernel warning, not an attacker-controlled exploit path. No public exploit status, CVSS score, or CWE is provided.
Researcher notes
The record identifies affected Linux kernel ranges and multiple stable commits, but gives no CVSS, CWE, exploitability analysis, or user-trigger model. Analysis should stay focused on amdgpu SDMA v4.0 suspend behavior and distribution backport status.
Mitigation direction
Update to a vendor-supported kernel containing the referenced stable amdgpu fix.
Check Linux distribution advisories for backported fixes in your exact kernel package.
Prioritize AMD GPU workstations, laptops, and GPU nodes that use suspend or hibernate.
Escalate only if suspend failures or operational instability are observed.
Validation and detection
Inventory Linux systems using the amdgpu kernel driver and AMD GPU hardware.
Confirm whether the running kernel includes the referenced stable fix commits.
Review suspend or freeze logs for amdgpu_irq_put and sdma_v4_0_hw_fini warnings.
Validate remediation through vendor package metadata, not upstream version numbers alone.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53723 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
8Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 22, 2025, 13:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.