CVE-2023-53851: drm/msm/dp: Drop aux devices together with DP controller
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: Drop aux devices together with DP controller
Using devres to depopulate the aux bus made sure that upon a probe
deferral the EDP panel device would be destroyed and recreated upon next
attempt.
But the struct device which the devres is tied to is the DPUs
(drm_dev->dev), which may be happen after the DP controller is torn
down.
Indications of this can be seen in the commonly seen EDID-hexdump full
of zeros in the log, or the occasional/rare KASAN fault where the
panel's attempt to read the EDID information causes a use after free on
DP resources.
It's tempting to move the devres to the DP controller's struct device,
but the resources used by the device(s) on the aux bus are explicitly
torn down in the error path. The KASAN-reported use-after-free also
remains, as the DP aux "module" explicitly frees its devres-allocated
memory in this code path.
As such, explicitly depopulate the aux bus in the error path, and in the
component unbind path, to avoid these issues.
Patchwork: https://patchwork.freedesktop.org/patch/542163/
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel driver bug in Qualcomm MSM DisplayPort/eDP handling. During certain probe failure or device teardown paths, panel EDID reads may touch DisplayPort resources after they were freed, causing bad display behavior or a kernel memory safety fault.
Executive priority
Treat as a targeted kernel maintenance issue, not an internet-wide emergency. Prioritize patch confirmation for fleets with Qualcomm MSM graphics hardware or embedded Linux devices where kernel crashes affect availability or reliability.
Technical view
The drm/msm/dp fix explicitly depopulates the AUX bus in error and component unbind paths. The source describes EDID dumps of zeros and rare KASAN-reported use-after-free when panel EDID reads occur after DP controller resources are torn down.
Likely exposure
Exposure appears limited to Linux systems using the affected drm/msm DisplayPort/eDP path, commonly Qualcomm MSM-based devices. The provided version data lists affected Linux entries including 6.1, 6.3.13, 6.4.4, and 6.5, but the affected-version metadata is incomplete and somewhat ambiguous.
Exploitation context
No active exploitation is supported by the supplied sources, and the CVE is not marked KEV. The evidence describes reliability and memory-safety symptoms during hardware driver teardown or probe-deferral flows, not a public remote exploitation path.
Researcher notes
The source-backed root cause is lifecycle mismatch between AUX bus devices and DP controller teardown. The public record does not provide CVSS, CWE, exploitability detail, or a workaround beyond applying the kernel fixes.
Mitigation direction
Update to a kernel containing the referenced stable fixes.
Check distro or device-vendor advisories for packaged kernel status.
For embedded devices, request firmware with the upstream fix included.
Avoid inventing workarounds; follow vendor guidance if patching is unavailable.
Validation and detection
Inventory Linux kernel versions on Qualcomm MSM-based systems.
Confirm whether the referenced stable commits are present in the kernel tree.
Review logs for zero-filled EDID dumps or KASAN use-after-free reports.
Check vendor advisories for affected and fixed package versions.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53851 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 9, 2025, 01:30 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.