LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53851: drm/msm/dp: Drop aux devices together with DP controller

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device which the devres is tied to is the DPUs (drm_dev->dev), which may be happen after the DP controller is torn down. Indications of this can be seen in the commonly seen EDID-hexdump full of zeros in the log, or the occasional/rare KASAN fault where the panel's attempt to read the EDID information causes a use after free on DP resources. It's tempting to move the devres to the DP controller's struct device, but the resources used by the device(s) on the aux bus are explicitly torn down in the error path. The KASAN-reported use-after-free also remains, as the DP aux "module" explicitly frees its devres-allocated memory in this code path. As such, explicitly depopulate the aux bus in the error path, and in the component unbind path, to avoid these issues. Patchwork: https://patchwork.freedesktop.org/patch/542163/

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel driver bug in Qualcomm MSM DisplayPort/eDP handling. During certain probe failure or device teardown paths, panel EDID reads may touch DisplayPort resources after they were freed, causing bad display behavior or a kernel memory safety fault.

Executive priority

Treat as a targeted kernel maintenance issue, not an internet-wide emergency. Prioritize patch confirmation for fleets with Qualcomm MSM graphics hardware or embedded Linux devices where kernel crashes affect availability or reliability.

Technical view

The drm/msm/dp fix explicitly depopulates the AUX bus in error and component unbind paths. The source describes EDID dumps of zeros and rare KASAN-reported use-after-free when panel EDID reads occur after DP controller resources are torn down.

Likely exposure

Exposure appears limited to Linux systems using the affected drm/msm DisplayPort/eDP path, commonly Qualcomm MSM-based devices. The provided version data lists affected Linux entries including 6.1, 6.3.13, 6.4.4, and 6.5, but the affected-version metadata is incomplete and somewhat ambiguous.

Exploitation context

No active exploitation is supported by the supplied sources, and the CVE is not marked KEV. The evidence describes reliability and memory-safety symptoms during hardware driver teardown or probe-deferral flows, not a public remote exploitation path.

Researcher notes

The source-backed root cause is lifecycle mismatch between AUX bus devices and DP controller teardown. The public record does not provide CVSS, CWE, exploitability detail, or a workaround beyond applying the kernel fixes.

Mitigation direction

  • Update to a kernel containing the referenced stable fixes.
  • Check distro or device-vendor advisories for packaged kernel status.
  • For embedded devices, request firmware with the upstream fix included.
  • Avoid inventing workarounds; follow vendor guidance if patching is unavailable.

Validation and detection

  • Inventory Linux kernel versions on Qualcomm MSM-based systems.
  • Confirm whether the referenced stable commits are present in the kernel tree.
  • Review logs for zero-filled EDID dumps or KASAN use-after-free reports.
  • Check vendor advisories for affected and fixed package versions.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53851 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux2b57f726611e294dc4297dd48eb8c98ef1938e82, 2b57f726611e294dc4297dd48eb8c98ef1938e82, 2b57f726611e294dc4297dd48eb8c98ef1938e82, 8768663188e4169333f66583e4d2432e65c421df, 6.0.7unaffected
LinuxLinux6.1, 0, 6.3.13, 6.4.4, 6.5affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.