CVE-2024-50090

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Fix overflow in oa batch buffer

By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing.

[ 381.072016] ————[ cut here ]———— [ 381.072019] xe 0000:00:02.0: [drm] Assertion bb->len * 4 + bb_prefetch(q->gt) <= size failed! platform: LUNARLAKE subplatform: 1 graphics: Xe2_LPG / Xe2_HPG 20.04 step B0 media: Xe2_LPM / Xe2_HPM 20.00 step B0 tile: 0 VRAM 0 B GT: 0 type 1

So here checking if batch buffer already have MI_BATCH_BUFFER_END if not append it.

v2:

  • simply fix, suggestion from Ashutosh

(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < bcb5be3421705e682b0b32073ad627056d6bc2a2affected
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < 6c10ba06bb1b48acce6d4d9c1e33beb9954f1788affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References