CVE-2023-53378
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
18/09/2025
Última modificación:
19/09/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/i915/dpt: Treat the DPT BO as a framebuffer<br />
<br />
Currently i915_gem_object_is_framebuffer() doesn&#39;t treat the<br />
BO containing the framebuffer&#39;s DPT as a framebuffer itself.<br />
This means eg. that the shrinker can evict the DPT BO while<br />
leaving the actual FB BO bound, when the DPT is allocated<br />
from regular shmem.<br />
<br />
That causes an immediate oops during hibernate as we<br />
try to rewrite the PTEs inside the already evicted<br />
DPT obj.<br />
<br />
TODO: presumably this might also be the reason for the<br />
DPT related display faults under heavy memory pressure,<br />
but I&#39;m still not sure how that would happen as the object<br />
should be pinned by intel_dpt_pin() while in active use by<br />
the display engine...<br />
<br />
(cherry picked from commit 779cb5ba64ec7df80675a956c9022929514f517a)