Login Sign Up

CVE-2023-52586

7.0 HIGH

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's DRM/MSM DPU driver where concurrent vblank interrupt enable/disable operations from different threads could lead to improper callback registration. This affects systems using Qualcomm Adreno GPU hardware with the affected kernel versions, potentially causing system instability or crashes.

💻 Affected Systems

Products:
  • Linux kernel with DRM/MSM DPU driver
Versions: Kernel versions containing the vulnerable code up to the fix commit
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires hardware with Qualcomm Adreno GPU and the MSM DPU driver enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Graphics subsystem instability, display corruption, or application crashes affecting GPU functionality.

🟢

If Mitigated

Minor performance impact from mutex locking with stable graphics operation.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific GPU operations.
🏢 Internal Only: MEDIUM - Local users or applications with GPU access could trigger instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger concurrent vblank operations through GPU applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 14f109bf74dd67e1d0469fed859c8e506b0df53f or later

Vendor Advisory: https://git.kernel.org/stable/c/14f109bf74dd67e1d0469fed859c8e506b0df53f

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable affected GPU features

linux

Disable vblank interrupt handling or limit GPU-intensive applications

🧯 If You Can't Patch

  • Restrict local user access to systems with affected hardware
  • Monitor system logs for GPU-related crashes or instability

🔍 How to Verify

Check if Vulnerable:

Check kernel version and confirm MSM DPU driver is loaded: 'uname -r' and 'lsmod | grep msm'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commit: 'uname -r' and check kernel changelog

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • GPU/drm subsystem errors in dmesg
  • Application crashes related to graphics

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "drm" OR "msm" OR "GPU")

📊 Metadata

CVE ID: CVE-2023-52586
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-362
Published: March 6, 2024
Last Updated: February 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52586, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)