{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53389","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.737Z","datePublished":"2025-09-18T13:33:32.095Z","dateUpdated":"2026-05-11T19:44:00.271Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:44:00.271Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: Only trigger DRM HPD events if bridge is attached\n\nThe MediaTek DisplayPort interface bridge driver starts its interrupts\nas soon as its probed. However when the interrupts trigger the bridge\nmight not have been attached to a DRM device. As drm_helper_hpd_irq_event()\ndoes not check whether the passed in drm_device is valid or not, a NULL\npointer passed in results in a kernel NULL pointer dereference in it.\n\nCheck whether the bridge is attached and only trigger an HPD event if\nit is."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/mediatek/mtk_dp.c"],"versions":[{"version":"f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b","lessThan":"6524d3d58797975cc40b85be1e9b89721b4e8d0b","status":"affected","versionType":"git"},{"version":"f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b","lessThan":"3551789d0635dfb2df8ab8e7fdbf0647e9c1724c","status":"affected","versionType":"git"},{"version":"f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b","lessThan":"d1c04e338016ae2517c641806a831b1f3eee2bed","status":"affected","versionType":"git"},{"version":"f70ac097a2cf5d4b67b2c1bbb73196c573ffcb7b","lessThan":"36b617f7e4ae663fcadd202ea061ca695ca75539","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/mediatek/mtk_dp.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.28","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.15","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.2","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.3.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6524d3d58797975cc40b85be1e9b89721b4e8d0b"},{"url":"https://git.kernel.org/stable/c/3551789d0635dfb2df8ab8e7fdbf0647e9c1724c"},{"url":"https://git.kernel.org/stable/c/d1c04e338016ae2517c641806a831b1f3eee2bed"},{"url":"https://git.kernel.org/stable/c/36b617f7e4ae663fcadd202ea061ca695ca75539"}],"title":"drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53389","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:58:37.692355Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T19:03:05.329Z"}}]}}