Bug 2401511 (CVE-2023-53547)

Summary: CVE-2023-53547 kernel: drm/amdgpu: Fix sdma v4 sw fini error
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
An invalid pointer dereference flaw was found in the Linux kernel AMD GPU SDMA v4 driver's cleanup code. On systems with SDMA 4.2.2 hardware, driver unload or system shutdown triggers the sdma_v4_0_sw_fini() cleanup path, which attempts to release firmware using an uninitialized or corrupted pointer, causing a general protection fault with a non-canonical address and denial of service through kernel crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-04 16:04:48 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix sdma v4 sw fini error

Fix sdma v4 sw fini error for sdma 4.2.2 to
solve the following general protection fault

[  +0.108196] general protection fault, probably for non-canonical
address 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI
[  +0.000018] RIP: 0010:free_fw_priv+0xd/0x70
[  +0.000022] Call Trace:
[  +0.000012]  <TASK>
[  +0.000011]  release_firmware+0x55/0x80
[  +0.000021]  amdgpu_ucode_release+0x11/0x20 [amdgpu]
[  +0.000415]  amdgpu_sdma_destroy_inst_ctx+0x4f/0x90 [amdgpu]
[  +0.000360]  sdma_v4_0_sw_fini+0xce/0x110 [amdgpu]
Comment 1 Alexander B 2025-10-06 14:39:12 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100446-CVE-2023-53547-38ce@gregkh/T