CVE-2023-52657 in Linux
Summary
by MITRE • 05/17/2024
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd/pm: resolve reboot exception for si oland"
This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.
This causes hangs on SI when DC is enabled and errors on driver reboot and power off cycles.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/20/2026
The vulnerability identified as CVE-2023-52657 represents a critical regression in the Linux kernel's graphics subsystem that specifically affects AMD Radeon graphics hardware. This issue stems from an erroneous commit that attempted to address reboot exceptions in the drm/amd/pm driver but inadvertently introduced new problems that severely impact system stability and functionality. The vulnerability manifests as a regression that directly impacts the Silicon Integrated (SI) graphics architecture, particularly the Oland GPU variant, which is commonly found in AMD Radeon HD 7000 series graphics cards. The root cause lies in the improper handling of power management states during system shutdown and reboot operations, creating a scenario where the graphics driver fails to properly transition the hardware through its power states.
The technical flaw occurs within the Direct Rendering Manager (DRM) subsystem's AMD power management implementation, specifically in the driver's handling of device context management during system transitions. When DC (Display Core) is enabled, the graphics subsystem enters a problematic state where system hangs occur during critical operations such as reboot sequences and power off cycles. This regression affects the driver's ability to properly manage hardware state transitions, leading to complete system freezes that prevent normal shutdown procedures from completing successfully. The issue is particularly concerning because it affects fundamental system operations, making the affected systems unreliable for production use and potentially causing data loss during unexpected shutdowns.
The operational impact of this vulnerability extends beyond simple system instability to encompass complete system reliability degradation, particularly in environments where graphics-intensive applications are common. Systems utilizing AMD Radeon graphics with DC enabled become prone to hanging during power management operations, which can occur during regular system shutdowns, reboot sequences, or even during normal operation when the system attempts to enter low power states. This vulnerability directly impacts the Linux kernel's ability to maintain stable power management operations for AMD graphics hardware, creating a risk of system crashes that could lead to data corruption or loss. The problem affects both desktop and server environments where AMD graphics cards are deployed, particularly in scenarios where automated shutdown or reboot operations are common.
Mitigation strategies for CVE-2023-52657 involve reverting the problematic commit that introduced the regression, effectively restoring the previous power management behavior that was stable and functional. This approach aligns with standard vulnerability remediation practices where the most direct solution is to undo the problematic code change that introduced the instability. System administrators should ensure that affected systems are updated to kernel versions that contain the proper revert of commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86, which restores proper power management functionality for AMD graphics hardware. Additionally, users may need to disable DC (Display Core) functionality temporarily as a workaround while waiting for official kernel updates, though this may impact display performance and power efficiency. The vulnerability demonstrates the importance of thorough testing of power management changes in graphics drivers, particularly in relation to system shutdown and reboot sequences, as these operations are critical to overall system stability and reliability. This issue is classified under CWE-284 Access Control and CWE-755 Improper Handling of Exceptional Conditions in the Common Weakness Enumeration framework, and aligns with ATT&CK technique T1490 Inhibit System Recovery during system stability and power management operations.