CVE-2023-53625

一、漏洞信息
 漏洞编号：[CVE-2023-53625](https://nvd.nist.gov/vuln/detail/CVE-2023-53625)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：N/A None
  Vector：CVSS：3.0/
 漏洞简述：
  A vulnerability was found in the Linux kernel s drm/i915/gvt module. The issue occurs during vgpu debugfs cleanup process. When destroying vgpu, the code doesn t properly check if the root debugfs is available. In remove cases, the drm minor s debugfs root might already be destroyed, which leads to kernel NULL pointer dereference and causes kernel oops as shown in the description.
 漏洞公开时间：2025-10-08 00:15:45
 漏洞创建时间：2025-10-07 23:49:26
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-53625
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/af90f8b36d78544433a48a3eda6a5faeafacd0a1 |  |
|  | https://git.kernel.org/stable/c/f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde |  |
|  | https://git.kernel.org/stable/c/ffa83fba2a2ce8010eb106c779378cb3013362c7 |  |
|  | https://git.kernel.org/stable/c/44c0e07e3972e3f2609d69ad873d4f342f8a68ec |  |
|  | https://git.kernel.org/stable/c/704f3384f322b40ba24d958473edfb1c9750c8fd |  |
|  | https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53625-3f41@gregkh/T/#u |  |
|  | https://www.cve.org/CVERecord?id=CVE-2023-53625 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2023-53625 |  |
|  | https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53625-3f41@gregkh/T |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2402211 |  |
|  | https://security-tracker.debian.org/tracker/CVE-2023-53625 |  |
|  | https://docs.bell-sw.com/security/cves/CVE-2023-53625 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://git.kernel.org/stable/c/af90f8b36d78544433a48a3eda6a5faeafacd0a1 |  | ljqc |
| gregkh/linux |  | https://git.kernel.org/stable/c/f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde |  | ljqc |
| gregkh/linux |  | https://git.kernel.org/stable/c/ffa83fba2a2ce8010eb106c779378cb3013362c7 |  | ljqc |
| gregkh/linux |  | https://git.kernel.org/stable/c/44c0e07e3972e3f2609d69ad873d4f342f8a68ec |  | ljqc |
| gregkh/linux |  | https://git.kernel.org/stable/c/704f3384f322b40ba24d958473edfb1c9750c8fd |  | ljqc |
|  |  | https://git.kernel.org/stable/c/af90f8b36d78544433a48a3eda6a5faeafacd0a1 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/f5a9bbf962e2c4b1d9addbfaf16d7ffcc2f63bde |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/ffa83fba2a2ce8010eb106c779378cb3013362c7 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/44c0e07e3972e3f2609d69ad873d4f342f8a68ec |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/704f3384f322b40ba24d958473edfb1c9750c8fd |  | cvelistv5 |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:drm/i915/gvt: fix vgpu debugfs clean in removeCheck carefully on root debugfs available when destroying vgpu,e.g in remove case drm minor s debugfs root might already be destroyed,which led to kernel oops like below.Console: switching to colour dummy device 80x25i915 0000:00:02.0: MDEV: Unregisteringintel_vgpu_mdev b1338b2d-a709-4c23-b766-cc436c36cdf0: Removing from iommu group 14BUG: kernel NULL pointer dereference, address: 0000000000000150PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMPCPU: 3 PID: 1046 Comm: driverctl Not tainted 6.1.0-rc2+ #6Hardware name: HP HP ProDesk 600 G3 MT/829D, BIOS P02 Ver. 02.44 09/13/2022RIP: 0010:__lock_acquire+0x5e2/0x1f90Code: 87 ad 09 00 00 39 05 e1 1e cc 02 0f 82 f1 09 00 00 ba 01 00 00 00 48 83 c4 48 89 d0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 45 31 ff &lt;48&gt; 81 3f 60 9e c2 b6 45 0f 45 f8 83 fe 01 0f 87 55 fa ff ff 89 f0RSP: 0018:ffff9f770274f948 EFLAGS: 00010046RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000150RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000R10: ffff8895d1173300 R11: 0000000000000001 R12: 0000000000000000R13: 0000000000000150 R14: 0000000000000000 R15: 0000000000000000FS:  00007fc9b2ba0740(0000) GS:ffff889cdfcc0000(0000) knlGS:0000000000000000CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000000000150 CR3: 000000010fd93005 CR4: 00000000003706e0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: &lt;TASK&gt; lock_acquire+0xbf/0x2b0 ? simple_recursive_removal+0xa5/0x2b0 ? lock_release+0x13d/0x2d0 down_write+0x2a/0xd0 ? simple_recursive_removal+0xa5/0x2b0 simple_recursive_removal+0xa5/0x2b0 ? start_creating.part.0+0x110/0x110 ? _raw_spin_unlock+0x29/0x40 debugfs_remove+0x40/0x60 intel_gvt_debugfs_remove_vgpu+0x15/0x30 [kvmgt] intel_gvt_destroy_vgpu+0x60/0x100 [kvmgt] intel_vgpu_release_dev+0xe/0x20 [kvmgt] device_release+0x30/0x80 kobject_put+0x79/0x1b0 device_release_driver_internal+0x1b8/0x230 bus_remove_device+0xec/0x160 device_del+0x189/0x400 ? up_write+0x9c/0x1b0 ? mdev_device_remove_common+0x60/0x60 [mdev] mdev_device_remove_common+0x22/0x60 [mdev] mdev_device_remove_cb+0x17/0x20 [mdev] device_for_each_child+0x56/0x80 mdev_unregister_parent+0x5a/0x81 [mdev] intel_gvt_clean_device+0x2d/0xe0 [kvmgt] intel_gvt_driver_remove+0x2e/0xb0 [i915] i915_driver_remove+0xac/0x100 [i915] i915_pci_remove+0x1a/0x30 [i915] pci_device_remove+0x31/0xa0 device_release_driver_internal+0x1b8/0x230 unbind_store+0xd8/0x100 kernfs_fop_write_iter+0x156/0x210 vfs_write+0x236/0x4a0 ksys_write+0x61/0xd0 do_syscall_64+0x55/0x80 ? find_held_lock+0x2b/0x80 ? lock_release+0x13d/0x2d0 ? up_read+0x17/0x20 ? lock_is_held_type+0xe3/0x140 ? asm_exc_page_fault+0x22/0x30 ? lockdep_hardirqs_on+0x7d/0x100 entry_SYSCALL_64_after_hwframe+0x46/0xb0RIP: 0033:0x7fc9b2c9e0c4Code: 15 71 7d 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 3d 05 0e 00 00 74 13 b8 01 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48RSP: 002b:00007ffec29c81c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc9b2c9e0c4RDX: 000000000000000d RSI: 0000559f8b5f48a0 RDI: 0000000000000001RBP: 0000559f8b5f48a0 R08: 0000559f8b5f3540 R09: 00007fc9b2d76d30R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000dR13: 00007fc9b2d77780 R14: 000000000000000d R15: 00007fc9b2d72a00 &lt;/TASK&gt;Modules linked in: sunrpc intel_rapl_msr intel_rapl_common intel_pmc_core_pltdrv intel_pmc_core intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ee1004 igbvf rapl vfat fat intel_cstate intel_uncore pktcdvd i2c_i801 pcspkr wmi_bmof i2c_smbus acpi_pad vfio_pci vfio_pci_core vfio_virqfd zram fuse dm_multipath kvmgt mdev vfio_iommu_type1 vfio kvm irqbypass i915 nvme e1000e igb nvme_core crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic serio_r
 openEuler评分：
  7.0
 Vector：CVSS：3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.master(6.12.33):不受影响
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响
5.openEuler-24.03-LTS:不受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:不受影响
8.openEuler-24.03-LTS-SP2:不受影响

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.openEuler-22.03-LTS-SP4(5.10.0):否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否
8.openEuler-24.03-LTS-SP2:否

原因说明：
  1.openEuler-20.03-LTS-SP4(4.19.90):正常修复
2.master(6.12.33):不受影响-漏洞代码不能被攻击者触发
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响-漏洞代码不能被攻击者触发
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS:不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1:不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP2:不受影响-漏洞代码不能被攻击者触发

src-openEuler/kernel

内容风险标识

评论 (5)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-53625

评论 (5)

搜索帮助

src-openEuler/kernel