CVE-2021-47362

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Update intermediate power state for SI

Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference.

For ex: on platforms where PCI speed change is supported through ACPI ATCS method, the link speed of current state needs to be queried before deciding on changing to final power state's link speed. The logic to query ATCS-support was broken on certain platforms. The issue became visible when broken ATCS-support logic got fixed with commit f9b7f3703ff9 ("drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)").

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2ab4d0e74256fc49b7b270f63c1d1e47c2455abc < 68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68affected
LinuxLinux2ab4d0e74256fc49b7b270f63c1d1e47c2455abc < 06a18e64256f7aecb5a27df02faa3568fcd3c105affected
LinuxLinux2ab4d0e74256fc49b7b270f63c1d1e47c2455abc < ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faaaffected
LinuxLinux2c83e77a3e35dc91350cea077d1aaefdc0a61297affected
LinuxLinux46cb720a8a3ece894eff4e1b85b3925efb71afd2affected
LinuxLinux65c96da9c684946d0874bf911fdb50a3b497cb30affected
LinuxLinux4.9.131 < 4.10affected
LinuxLinux4.14.74 < 4.15affected
LinuxLinux4.18.12 < 4.19affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux5.10.70 <= 5.10.*unaffected
LinuxLinux5.14.9 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References