CVE-2023-53090
📋 TL;DR
A memory access vulnerability in the Linux kernel's AMD KFD driver allows local attackers to cause a kernel crash (denial of service) when copy_from_user() fails during event waiting operations. This affects Linux systems with AMD GPU hardware using the affected kernel versions. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel with AMD KFD (Kernel Fusion Driver) support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel crash when specific IOCTL operations fail.
If Mitigated
No impact if system is patched or doesn't use AMD KFD driver.
🎯 Exploit Status
Exploitation requires local access and triggering the copy_from_user() failure path in kfd_wait_on_events().
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 2fece63b55c5d74cd6f5de51159e2cde37e10555, 4fc8fff378b2f2039f2a666d9f8c570f4e58352c, 5a3fb3b745af0ce46ec2e0c8e507bae45b937334, 61f306f8df0d5559659c5578cf6d95236bcdcb25, 6936525142a015e854d0a23e9ad9ea0a28b3843d
Vendor Advisory: https://git.kernel.org/stable/c/2fece63b55c5d74cd6f5de51159e2cde37e10555
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable AMD KFD module
Prevent loading of the vulnerable AMD KFD driver module
echo 'blacklist amdkfd' >> /etc/modprobe.d/blacklist-amdkfd.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with AMD GPUs
- Implement strict privilege separation and limit who can access GPU-related system calls
🔍 How to Verify
Check if Vulnerable:
Check if AMD KFD module is loaded: lsmod | grep amdkfd AND check kernel version against affected ranges
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated AND test that kfd_wait_on_events() error handling doesn't crash
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning native_queued_spin_lock_slowpath
- System crash logs with call trace showing kfd_wait_on_events
Network Indicators:
- None - local vulnerability only
SIEM Query:
kernel_panic OR (call_trace CONTAINS 'kfd_wait_on_events')
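The log indicators above can be checked per crash report rather than per line, so that an unrelated oops in the same log does not trigger a match. The following is an added example, not part of the original advisory: the function names, the report-start markers (`BUG:`, `Oops`, `general protection fault`, `Kernel panic`), the `end trace` terminator and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: group kernel log lines into crash reports and flag the
# reports whose trace contains kfd_wait_on_events (the symbol named above).

# Constructed sample log, not taken from a real system.
sample_log() {
cat <<'EOF'
[  10.000] constructed sample: boot messages
[ 812.100] BUG: unable to handle page fault
[ 812.101] RIP: 0010:native_queued_spin_lock_slowpath
[ 812.102] Call Trace:
[ 812.103]  kfd_wait_on_events
[ 812.104] ---[ end trace ]---
[ 900.000] Oops: general protection fault
[ 900.001] Call Trace:
[ 900.002]  do_syscall_64
[ 900.003] ---[ end trace ]---
[ 950.000] BUG: kernel NULL pointer dereference
[ 950.001] Call Trace:
[ 950.002]  kfd_wait_on_events
EOF
}

# Reads a kernel log on stdin; prints one line per matching crash report:
#   "line N: both-indicators"  -> kfd_wait_on_events and the spinlock slowpath
#   "line N: call-trace-only"  -> kfd_wait_on_events alone
# N is the log line on which the report starts.
scan_kfd_crashes() {
  awk '
    function report() {
      if (kfd) printf "line %d: %s\n", start, (lock ? "both-indicators" : "call-trace-only")
    }
    # Assumed report-start markers; open a new report only if none is open.
    /BUG:|Oops|general protection fault|Kernel panic/ {
      if (!in_rep) { in_rep = 1; start = NR; kfd = 0; lock = 0 }
    }
    in_rep && /kfd_wait_on_events/ { kfd = 1 }
    in_rep && /native_queued_spin_lock_slowpath/ { lock = 1 }
    in_rep && /---\[ end trace/ { report(); in_rep = 0 }
    # A log cut off by the crash has no terminator; still report it.
    END { if (in_rep) report() }
  '
}

sample_log | scan_kfd_crashes
```

On a live host the same function can be fed from `journalctl -k` or `dmesg`; a report that is truncated by the crash itself is still flagged.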
🔗 References
- https://git.kernel.org/stable/c/2fece63b55c5d74cd6f5de51159e2cde37e10555
- https://git.kernel.org/stable/c/4fc8fff378b2f2039f2a666d9f8c570f4e58352c
- https://git.kernel.org/stable/c/5a3fb3b745af0ce46ec2e0c8e507bae45b937334
- https://git.kernel.org/stable/c/61f306f8df0d5559659c5578cf6d95236bcdcb25
- https://git.kernel.org/stable/c/6936525142a015e854d0a23e9ad9ea0a28b3843d
- https://git.kernel.org/stable/c/bbf5eada4334a96e3a204b2307ff5b14dc380b0b
- https://git.kernel.org/stable/c/d9923e7214a870b312bf61f6a89c7554d0966985