CVE-2023-53036: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the check to prevent memory wipe in shutdown stage. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu] [ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu] [ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu] [ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu] [ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu] [ +0.000090] drm_dev_release+0x28/0x50 [drm] [ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm] [ +0.000011] devm_action_release+0x15/0x20 [ +0.000003] release_nodes+0x40/0xc0 [ +0.000001] devres_release_all+0x9e/0xe0 [ +0.000001] device_unbind_cleanup+0x12/0x80 [ +0.000003] device_release_driver_internal+0xff/0x160 [ +0.000001] driver_detach+0x4a/0x90 [ +0.000001] bus_remove_driver+0x6c/0xf0 [ +0.000001] driver_unregister+0x31/0x50 [ +0.000001] pci_unregister_driver+0x40/0x90 [ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]
AI Analysis
Technical Summary
CVE-2023-53036 is a vulnerability identified in the Linux kernel specifically affecting the AMDGPU driver, which manages AMD graphics processing units (GPUs). The issue arises during the shutdown or removal process of the amdgpu device when Reliability, Availability, and Serviceability (RAS) features are enabled on the GPU. The vulnerability manifests as a call trace warning and a system hang during device removal, caused by improper handling of device shutdown flags. The root cause is linked to the use of an incorrect flag to prevent memory wipe during the shutdown stage. The fix involves replacing the shutdown flag check with the DRM device unplugged flag to correctly manage memory wipe operations and prevent the hang. The call trace logs indicate the problem occurs in functions responsible for finalizing GPU memory management and device release, such as amdgpu_vram_mgr_fini, amdgpu_ttm_fini, and amdgpu_device_fini_sw. This vulnerability does not appear to have any known exploits in the wild and affects specific Linux kernel versions identified by commit hashes. No CVSS score has been assigned yet, and the vulnerability was published in May 2025.
Potential Impact
For European organizations, this vulnerability could lead to system instability or denial of service (DoS) conditions on Linux systems using AMD GPUs with RAS enabled. The hang during device removal or shutdown could disrupt critical services, especially in environments relying on GPU-accelerated computing such as data centers, scientific research, media production, and financial services. While it does not directly lead to privilege escalation or data leakage, the inability to properly shut down or remove GPU devices can cause operational downtime and potential data loss if systems become unresponsive. Organizations with large deployments of Linux servers or workstations using AMD GPUs may experience increased maintenance overhead and risk of unexpected outages. Since no known exploits exist, the immediate risk is moderate, but the vulnerability should be addressed promptly to avoid future exploitation or operational impact.
Mitigation Recommendations
European organizations should apply the Linux kernel patches that address this vulnerability as soon as they become available from their Linux distribution vendors. Specifically, ensure that the amdgpu driver is updated to the fixed version that uses the DRM device unplugged flag instead of the shutdown flag during device removal. System administrators should monitor kernel updates and test patches in staging environments before production deployment to avoid regressions. Additionally, organizations should audit their Linux systems to identify those running AMD GPUs with RAS enabled and prioritize patching on these systems. For critical environments, consider implementing redundant systems or failover mechanisms to mitigate potential downtime caused by GPU device hangs. Monitoring system logs for call trace warnings related to amdgpu can help detect attempts to trigger the vulnerability. Finally, maintain regular backups and incident response plans to minimize operational impact in case of system hangs or crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2023-53036: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the check to prevent memory wipe in shutdown stage. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu] [ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu] [ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu] [ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu] [ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu] [ +0.000090] drm_dev_release+0x28/0x50 [drm] [ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm] [ +0.000011] devm_action_release+0x15/0x20 [ +0.000003] release_nodes+0x40/0xc0 [ +0.000001] devres_release_all+0x9e/0xe0 [ +0.000001] device_unbind_cleanup+0x12/0x80 [ +0.000003] device_release_driver_internal+0xff/0x160 [ +0.000001] driver_detach+0x4a/0x90 [ +0.000001] bus_remove_driver+0x6c/0xf0 [ +0.000001] driver_unregister+0x31/0x50 [ +0.000001] pci_unregister_driver+0x40/0x90 [ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]
AI-Powered Analysis
Technical Analysis
CVE-2023-53036 is a vulnerability identified in the Linux kernel specifically affecting the AMDGPU driver, which manages AMD graphics processing units (GPUs). The issue arises during the shutdown or removal process of the amdgpu device when Reliability, Availability, and Serviceability (RAS) features are enabled on the GPU. The vulnerability manifests as a call trace warning and a system hang during device removal, caused by improper handling of device shutdown flags. The root cause is linked to the use of an incorrect flag to prevent memory wipe during the shutdown stage. The fix involves replacing the shutdown flag check with the DRM device unplugged flag to correctly manage memory wipe operations and prevent the hang. The call trace logs indicate the problem occurs in functions responsible for finalizing GPU memory management and device release, such as amdgpu_vram_mgr_fini, amdgpu_ttm_fini, and amdgpu_device_fini_sw. This vulnerability does not appear to have any known exploits in the wild and affects specific Linux kernel versions identified by commit hashes. No CVSS score has been assigned yet, and the vulnerability was published in May 2025.
Potential Impact
For European organizations, this vulnerability could lead to system instability or denial of service (DoS) conditions on Linux systems using AMD GPUs with RAS enabled. The hang during device removal or shutdown could disrupt critical services, especially in environments relying on GPU-accelerated computing such as data centers, scientific research, media production, and financial services. While it does not directly lead to privilege escalation or data leakage, the inability to properly shut down or remove GPU devices can cause operational downtime and potential data loss if systems become unresponsive. Organizations with large deployments of Linux servers or workstations using AMD GPUs may experience increased maintenance overhead and risk of unexpected outages. Since no known exploits exist, the immediate risk is moderate, but the vulnerability should be addressed promptly to avoid future exploitation or operational impact.
Mitigation Recommendations
European organizations should apply the Linux kernel patches that address this vulnerability as soon as they become available from their Linux distribution vendors. Specifically, ensure that the amdgpu driver is updated to the fixed version that uses the DRM device unplugged flag instead of the shutdown flag during device removal. System administrators should monitor kernel updates and test patches in staging environments before production deployment to avoid regressions. Additionally, organizations should audit their Linux systems to identify those running AMD GPUs with RAS enabled and prioritize patching on these systems. For critical environments, consider implementing redundant systems or failover mechanisms to mitigate potential downtime caused by GPU device hangs. Monitoring system logs for call trace warnings related to amdgpu can help detect attempts to trigger the vulnerability. Finally, maintain regular backups and incident response plans to minimize operational impact in case of system hangs or crashes.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-03-27T16:40:15.763Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe6d9f
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 3:26:58 AM
Last updated: 8/15/2025, 10:07:29 AM
Views: 13
Related Threats
CVE-2025-55207: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in withastro astro
MediumCVE-2025-49897: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in gopiplus Vertical scroll slideshow gallery v2
HighCVE-2025-49432: CWE-862 Missing Authorization in FWDesign Ultimate Video Player
MediumCVE-2025-55203: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in makeplane plane
MediumCVE-2025-54989: CWE-476: NULL Pointer Dereference in FirebirdSQL firebird
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.