CVE-2023-53085

HIGH
2025-05-02 416baaa9-dc9f-4396-8d5f-8c081fb06d67
7.1
CVSS 3.1
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: May 02, 2025 - 16:15 (nvd), HIGH 7.1

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

drm/edid: fix info leak when failing to get panel id

Make sure to clear the transfer buffer before fetching the EDID to avoid leaking slab data to the logs on errors that leave the buffer unchanged.

Analysis (AI)

This is an information disclosure vulnerability in the Linux kernel's DRM (Direct Rendering Manager) EDID (Extended Display Identification Data) handling code. The vulnerability affects Linux kernel versions starting from 6.3-rc1, where uninitialized slab memory can be leaked to system logs when reading panel identification data fails. With a CVSS score of 7.1 and an EPSS probability of 0.08% (23rd percentile), this vulnerability has low observed exploitation likelihood and is not listed in CISA's Known Exploited Vulnerabilities catalog.

Technical Context (AI)

The vulnerability exists in the DRM subsystem's EDID parsing code within the Linux kernel, specifically affecting versions 6.3-rc1, 6.3-rc2, and later unpatched versions as indicated by the CPE strings. EDID is a data structure provided by displays containing identification information and supported video modes. When the kernel attempts to retrieve panel ID information and the operation fails, the transfer buffer is not properly cleared beforehand, resulting in previously allocated kernel memory (slab data) being written to system logs. This represents a classic information disclosure vulnerability where kernel memory contents can be exposed to unprivileged users who have access to system logs, potentially revealing sensitive data from previous kernel operations that used the same memory region.
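The failure mode described above, reduced to a user-space C sketch (an added example, not the kernel's code or the upstream patch). The names `alloc_stale`, `failing_transfer` and `read_panel_id`, the 16-byte buffer and the 0x5A marker are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ID_BUF_LEN 16   /* assumption: demo size, not the kernel's */
#define STALE 0x5A      /* constructed marker for "previous owner" data */

/* Stand-in for an allocator that returns memory still holding old contents. */
static uint8_t *alloc_stale(size_t len)
{
    uint8_t *p = malloc(len);
    if (p) memset(p, STALE, len);
    return p;
}

/* Stand-in for a display transfer that fails and leaves buf unchanged. */
static int failing_transfer(uint8_t *buf, size_t len)
{
    (void)buf; (void)len;
    return -1;
}

/* On failure, hex-dump the buffer into `out` as an error log line would.
 * Returns how many stale bytes reached the log text. */
size_t read_panel_id(int clear_first, char *out, size_t out_len)
{
    uint8_t *buf = alloc_stale(ID_BUF_LEN);
    size_t leaked = 0, off = 0;
    if (!buf || out_len < 4) { free(buf); return 0; }
    out[0] = '\0';
    if (clear_first) memset(buf, 0, ID_BUF_LEN);  /* the fix: clear first */
    if (failing_transfer(buf, ID_BUF_LEN) != 0)
        for (size_t i = 0; i < ID_BUF_LEN && off + 3 < out_len; i++) {
            off += (size_t)snprintf(out + off, out_len - off, "%02x ", buf[i]);
            leaked += (buf[i] == STALE);
        }
    free(buf);
    return leaked;
}

int main(void)
{
    char line[64];
    size_t n = read_panel_id(0, line, sizeof line);
    printf("uncleared: %zu stale bytes logged: %s\n", n, line);
    n = read_panel_id(1, line, sizeof line);
    printf("cleared:   %zu stale bytes logged: %s\n", n, line);
    return 0;
}
```

With the buffer cleared first, the error path still logs, but only zeros reach the log line.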

Remediation (AI)

Apply the official Linux kernel patches available at https://git.kernel.org/stable/c/4d8457fe0eb9c80ff7795cf8a30962128b71d853 and https://git.kernel.org/stable/c/598c42c78919117dc0d235ae22d17ad642377483. Distributions should update to kernel versions that incorporate these fixes through their normal update channels. Until patching is completed, limit access to system logs containing kernel debug information to only essential administrative users, and consider implementing stricter log access controls through DAC or MAC policies like SELinux or AppArmor. Organizations can also restrict physical access to systems where local exploitation would be possible, though this does not eliminate the risk from authenticated local users.
