1. Home
  2. Vulnerabilities
  3. CVE-2023-53314
5.5
MEDIUM CVSS 3.1
CVE-2023-53314
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
Description

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value. Fixes a bug where the driver incorrectly decreases the hardware device's reference counter and leaks the fbdev device. v2: * add Fixes tag (Dan)

INFO

Published Date :

Sept. 16, 2025, 5:15 p.m.

Last Modified :

Jan. 14, 2026, 7:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-53314 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
CVSS 3.1 MEDIUM 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Correctly manage device references to prevent memory leaks and double-decrements.
  • Avoid assigning to struct fb_info.dev.
  • Do not override the value initialized by register_framebuffer().
  • Ensure correct reference counter management.
  • Apply kernel patches that fix this issue.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-53314.

URL Resource
https://git.kernel.org/stable/c/0517fc5a71333b315164736bbd32608894fbb872 Patch
https://git.kernel.org/stable/c/1c6ff2a7c593db851f23e31ace2baf557ea9d0ff Patch
https://git.kernel.org/stable/c/309c27162afea79b3c7f8747bb650faf6923b639 Patch
https://git.kernel.org/stable/c/4aade6c9100a3537788b6a9c7ac481037d19efdf Patch
https://git.kernel.org/stable/c/8ffa40ff64aa43a9a28fcf209b48d86a3e0f4972 Patch
https://git.kernel.org/stable/c/f83c1b13f8154e0284448912756d0a351a1a602a Patch
https://git.kernel.org/stable/c/f90a0e5265b60cdd3c77990e8105f79aa2fac994 Patch
https://git.kernel.org/stable/c/ffdf2b020db717853167391a3a8d912e13428fa6 Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-53314 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-53314 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-53314 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-53314 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jan. 14, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Initial Analysis by [email protected]

    Dec. 01, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.295 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.132 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.195 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.257 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.4 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.54 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.32 up to (excluding) 4.14.326
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0517fc5a71333b315164736bbd32608894fbb872 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1c6ff2a7c593db851f23e31ace2baf557ea9d0ff Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/309c27162afea79b3c7f8747bb650faf6923b639 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/4aade6c9100a3537788b6a9c7ac481037d19efdf Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8ffa40ff64aa43a9a28fcf209b48d86a3e0f4972 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f83c1b13f8154e0284448912756d0a351a1a602a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f90a0e5265b60cdd3c77990e8105f79aa2fac994 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ffdf2b020db717853167391a3a8d912e13428fa6 Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 16, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value. Fixes a bug where the driver incorrectly decreases the hardware device's reference counter and leaks the fbdev device. v2: * add Fixes tag (Dan)
    Added Reference https://git.kernel.org/stable/c/0517fc5a71333b315164736bbd32608894fbb872
    Added Reference https://git.kernel.org/stable/c/1c6ff2a7c593db851f23e31ace2baf557ea9d0ff
    Added Reference https://git.kernel.org/stable/c/309c27162afea79b3c7f8747bb650faf6923b639
    Added Reference https://git.kernel.org/stable/c/4aade6c9100a3537788b6a9c7ac481037d19efdf
    Added Reference https://git.kernel.org/stable/c/8ffa40ff64aa43a9a28fcf209b48d86a3e0f4972
    Added Reference https://git.kernel.org/stable/c/f83c1b13f8154e0284448912756d0a351a1a602a
    Added Reference https://git.kernel.org/stable/c/f90a0e5265b60cdd3c77990e8105f79aa2fac994
    Added Reference https://git.kernel.org/stable/c/ffdf2b020db717853167391a3a8d912e13428fa6
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact