Bug 2395864 (CVE-2023-53316)

Summary: CVE-2023-53316 kernel: drm/msm/dp: Free resources after unregistering them
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-09-16 17:02:47 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: Free resources after unregistering them

The DP component's unbind operation walks through the submodules to
unregister and clean things up. But if the unbind happens because the DP
controller itself is being removed, all the memory for those submodules
has just been freed.

Change the order of these operations to avoid the many use-after-free
that otherwise happens in this code path.

Patchwork: https://patchwork.freedesktop.org/patch/542166/
Comment 1 Jon Moroney 2025-09-16 18:29:23 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53316-fb3d@gregkh/T