What is CVE-2023-53991?

CVE-2023-53991 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.7 onward and patched in 5.10.173, 5.15.99, 6.1.16 and others. CVE-2023-53991 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53991?

CVE-2023-53991 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53991?

Yes, CVE-2023-53991 has been patched. Fixed versions include 5.10.173, 5.15.99, 6.1.16 and others. If you are running Linux kernel 5.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53991 actively exploited?

CVE-2023-53991 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53991

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC blocks, until their allocation/assignment is being sanity-checked in "drm/msm/dpu: Reject topologies for which no DSC blocks are available") remain NULL but will still be returned out of dpu_rm_get_assigned_resources, where the caller expects to get an array containing num_blks valid pointers (but instead gets these NULLs). To prevent this from happening, where null-pointer dereferences typically result in a hard-to-debug platform lockup, num_blks shouldn't increase past NULL blocks and will print an error and break instead. After all, max_blks represents the static size of the maximum number of blocks whereas the actual amount varies per platform. ^1: which can happen after a git rebase ended up moving additions to _dpu_cfg to a different struct which has the same patch context. Patchwork: https://patchwork.freedesktop.org/patch/517636/

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.7 and later are affected. Fixed in 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.

Affected from

≥ 5.7

Fixed in

✓ 5.10.173 5.10.x ✓ 5.15.99 5.15.x ✓ 6.1.16 6.1.x ✓ 6.2.3 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-53991 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/8dbd54d679e3ab37be43bc1ed9f463dbf83a2259
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9e1e236acdc42b5c43ec8d7f03a39537e70cc309
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9fe3644c720ac87d150f0bba5a4ae86cae55afaf
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53991?

CVE-2023-53991 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.7 onward and has been patched in 5.10.173, 5.15.99, 6.1.16 and others. CVE-2023-53991 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53991?

Yes — CVE-2023-53991 has been patched. Fixed versions include 5.10.173, 5.15.99, 6.1.16 and others. If you are running Linux kernel 5.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53991 actively exploited?

No — CVE-2023-53991 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.