CVE-2023-53002

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix a memory leak with reused mmap_offset

drm_vma_node_allow() and drm_vma_node_revoke() should be called in balanced pairs. We call drm_vma_node_allow() once per-file everytime a user calls mmap_offset, but only call drm_vma_node_revoke once per-file on each mmap_offset. As the mmap_offset is reused by the client, the per-file vm_count may remain non-zero and the rbtree leaked.

Call drm_vma_node_allow_once() instead to prevent that memory leak.

Published: Mar 27, 2025
Updated: May 4, 2025
CVE: CVE-2023-53002
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.2-rc1	6.2-rc1.x
linux / linux_kernel	6.2-rc2	6.2-rc2.x
linux / linux_kernel	6.2-rc3	6.2-rc3.x
linux / linux_kernel	6.2-rc4	6.2-rc4.x
linux / linux_kernel	6.2-rc5	6.2-rc5.x
linux / linux_kernel	5.7	6.1.9

https://git.kernel.org/stable/c/0220e4fe178c3390eb0291cdb34912d66972db8a
https://git.kernel.org/stable/c/0bdc4b4ba7206c452ee81c82fa66e39d0e1780fb

Vulnerability Database

CVE-2023-53002