Login Sign Up

CVE-2023-52693

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a Linux kernel vulnerability where the ACPI video driver fails to properly handle errors when searching for a backlight device's parent. If acpi_get_parent() fails, uninitialized memory is passed to acpi_get_pci_dev(), potentially causing system instability or crashes. This affects Linux systems with ACPI video functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ACPI video functionality to be enabled and used. Most desktop/laptop systems with ACPI support are affected.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System instability, kernel oops, or crashes when handling ACPI video operations, resulting in denial of service.

🟢

If Mitigated

Minor system instability that may require reboot, but no data loss or privilege escalation.

🌐 Internet-Facing: LOW - Requires local access or existing system compromise to trigger.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific ACPI video operations. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 1e3a2b9b4039bb4d136dca59fb31e06465e056f3, 2124c5bc22948fc4d09a23db4a8acdccc7d21e95, 39af144b6d01d9b40f52e5d773e653957e6c379c, 3a370502a5681986f9828e43be75ce26c6ab24af, 556f02699d33c1f40b1b31bd25828ce08fa165d8

Vendor Advisory: https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable ACPI video backlight support

linux

Prevent the vulnerable code path by disabling ACPI video backlight functionality

echo 0 > /sys/class/backlight/acpi_video0/brightness
modprobe -r acpi_video

🧯 If You Can't Patch

  • Restrict local user access to systems where ACPI video operations could be triggered
  • Monitor system logs for kernel oops or crashes related to ACPI video operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's security advisory. Run: uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version. Check if ACPI video module loads without errors: dmesg | grep -i acpi_video

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in dmesg or /var/log/kern.log
  • ACPI error messages
  • System crash/panic logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("ACPI" OR "acpi_video" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2023-52693
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Published: May 17, 2024
Last Updated: December 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON