CVE-2023-53625

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's Intel GVT (Graphics Virtualization Technology) driver. When removing a virtual GPU (vGPU) via debugfs during driver unload, the system attempts to access debugfs root after it has already been destroyed, causing a kernel oops and potential system crash. This affects systems using Intel GVT-g for GPU virtualization with specific Intel integrated graphics.

💻 Affected Systems

Products:
  • Linux kernel with Intel GVT-g support
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with Intel GVT-g enabled
Default Config Vulnerable: ✅ No
Notes: Only affects systems with Intel integrated graphics using GVT-g virtualization feature. Requires CONFIG_DRM_I915_GVT=y and active vGPU usage.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.

🟠

Likely Case

System instability or crash when removing vGPU devices or unloading the i915 driver, causing service disruption.

🟢

If Mitigated

Minor service interruption during driver maintenance operations.

🌐 Internet-Facing: LOW - Requires local access and specific driver operations.
🏢 Internal Only: MEDIUM - Could be triggered by administrators during maintenance or by malicious local users.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger vGPU removal operations. Not easily weaponized for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 44c0e07e3972e3f2609d69ad873d4f342f8a68ec and others listed in references

Vendor Advisory: https://git.kernel.org/stable/c/44c0e07e3972e3f2609d69ad873d4f342f8a68ec

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Intel GVT-g

linux

Disable GPU virtualization feature if not required

echo 'blacklist kvmgt' > /etc/modprobe.d/disable-kvmgt.conf
rmmod kvmgt
update-initramfs -u

Avoid vGPU removal operations

linux

Prevent triggering the vulnerable code path by avoiding vGPU removal

🧯 If You Can't Patch

  • Restrict local access to prevent malicious users from triggering the vulnerability
  • Avoid removing vGPU devices or unloading i915 driver while system is in production use

🔍 How to Verify

Check if Vulnerable:

Check if system has Intel GVT-g enabled: lsmod | grep kvmgt && dmesg | grep -i gvt

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from kernel git commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in dmesg/system logs
  • NULL pointer dereference at address 0000000000000150
  • Call trace showing intel_gvt_debugfs_remove_vgpu

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "Oops" OR "intel_gvt")

📊 Metadata

CVE ID: CVE-2023-53625
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: October 7, 2025
Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53625, you might also want to check these:

CVE-2023-53621 7.8

A race condition in the Linux kernel's memory controller (memcontrol) subsystem can cause a NULL poi...

Same vulnerability type (CWE-476)
CVE-2025-63655 7.5

This vulnerability allows attackers to crash Monkey web servers by sending specially crafted HTTP re...

Same vulnerability type (CWE-476)
CVE-2025-68699 6.5

CVE-2025-68699 is a NULL pointer dereference vulnerability in NanoMQ MQTT Broker that allows remote ...

Same vulnerability type (CWE-476)