CVE-2023-53077 – This CVE-2023-53077 is a shift-out-of-bounds vu... (How to Fix)

Q: What is the severity of CVE-2023-53077?

CVE-2023-53077 has a CVSS score of 7.8 (HIGH). This CVE-2023-53077 is a shift-out-of-bounds vulnerability in the AMD display driver component of the Linux kernel. When PTEBufferSizeInRequests is zero, the dml_log2() function returns an unexpected negative value, causing an undefined shift operation that could lead to kernel instability or crashes. This affects Linux systems with AMD graphics hardware using the affected kernel versions.

📋 TL;DR

This CVE-2023-53077 is a shift-out-of-bounds vulnerability in the AMD display driver component of the Linux kernel. When PTEBufferSizeInRequests is zero, the dml_log2() function returns an unexpected negative value, causing an undefined shift operation that could lead to kernel instability or crashes. This affects Linux systems with AMD graphics hardware using the affected kernel versions.

💻 Affected Systems

Products:

Linux kernel with AMD display driver (drm/amd/display)

Versions: Linux kernel versions containing the vulnerable code before the fix commits

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD graphics hardware and the affected display driver component to be loaded. Systems without AMD graphics or with the driver disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System instability, display driver crashes, or kernel panics when specific conditions trigger the vulnerable code path.

🟢

If Mitigated

Minor system instability that requires reboot to recover, with no data loss or privilege escalation.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to trigger.

🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and specific conditions to trigger the vulnerable code path. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 031f196d1b1b6d5dfcb0533b431e3ab1750e6189, 7257070be70e19a9138f39009c1a26c83a8a7cfa, a16394b5d661afec9a264fecac3abd87aea439ea, bec1bea2fa974e63f6059c33edde669c7894d0bc, e12b95680821b9880cd9992c0f3555389363604f

Vendor Advisory: https://git.kernel.org/stable/c/031f196d1b1b6d5dfcb0533b431e3ab1750e6189

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable AMD display driver

linux

Prevent loading of the vulnerable AMD display driver module

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access to systems with AMD graphics hardware
Monitor system logs for kernel panic or display driver crash events

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if AMD display driver is loaded: 'lsmod | grep amdgpu' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and test system stability with AMD graphics operations

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
AMD display driver crash logs
UBSAN warnings about shift operations

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "UBSAN") AND "amd"

📊 Metadata

CVE ID: CVE-2023-53077

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.02% exploit probability (5.8th percentile)

Published: May 2, 2025

Last Updated: November 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53077, you might also want to check these: