What is CVE-2023-53851?

CVE-2023-53851 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.0.7 onward and patched in 6.3.13, 6.4.4 and 6.5. CVE-2023-53851 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53851?

CVE-2023-53851 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53851?

Yes, CVE-2023-53851 has been patched. Fixed versions include 6.3.13, 6.4.4 and 6.5. If you are running Linux kernel 6.0.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53851 actively exploited?

CVE-2023-53851 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53851

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device which the devres is tied to is the DPUs (drm_dev->dev), which may be happen after the DP controller is torn down. Indications of this can be seen in the commonly seen EDID-hexdump full of zeros in the log, or the occasional/rare KASAN fault where the panel's attempt to read the EDID information causes a use after free on DP resources. It's tempting to move the devres to the DP controller's struct device, but the resources used by the device(s) on the aux bus are explicitly torn down in the error path. The KASAN-reported use-after-free also remains, as the DP aux "module" explicitly frees its devres-allocated memory in this code path. As such, explicitly depopulate the aux bus in the error path, and in the component unbind path, to avoid these issues. Patchwork: https://patchwork.freedesktop.org/patch/542163/

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.0.7, 6.1 and later are affected. Fixed in 6.3.13, 6.4.4, 6.5 and their respective stable series.

Affected from

≥ 6.0.7 ≥ 6.1

Fixed in

✓ 6.3.13 6.3.x ✓ 6.4.4 6.4.x ✓ 6.5

References

The following references provide additional information about CVE-2023-53851 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2fde37445807e6e6d7981402d0bf1be0e5d81291
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a7bfb2ad2184a1fba78be35209b6019aa8cc8d4d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/e09ed06938807cb113cddd0708ed74bd8cdaff33
Patch

Frequently asked questions

What is CVE-2023-53851?

CVE-2023-53851 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.0.7 onward and has been patched in 6.3.13, 6.4.4 and 6.5. CVE-2023-53851 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53851?

Yes — CVE-2023-53851 has been patched. Fixed versions include 6.3.13, 6.4.4 and 6.5. If you are running Linux kernel 6.0.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53851 actively exploited?

No — CVE-2023-53851 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.