CVE-2024-53108
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Adjust VSDB parser for replay feature
At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN:
[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383
…
[ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ==================================================================
This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size.
(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 < 0a326fbc8f72a320051f27328d4d4e7abdfe68d7 | affected |
| Linux | Linux | ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 < 8db867061f4c76505ad62422b65d666b45289217 | affected |
| Linux | Linux | ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 < 16dd2825c23530f2259fc671960a3a65d2af69bd | affected |
| Linux | Linux | 6.6 | affected |
| Linux | Linux | 0 < 6.6 | unaffected |
| Linux | Linux | 6.6.63 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.10 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7
- https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217
- https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.