| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix page fault due to max surface definition mismatch\n\nDC driver is using two different values to define the maximum number of\nsurfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as\nthe unique definition for surface updates across DC.\n\nIt fixes page fault faced by Cosmic users on AMD display versions that\nsupport two overlay planes, since the introduction of cursor overlay\nmode.\n\n[Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b\n[ +0.000015] #PF: supervisor read access in kernel mode\n[ +0.000006] #PF: error_code(0x0000) - not-present page\n[ +0.000005] PGD 0 P4D 0\n[ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300\n[ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024\n[ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper]\n[ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b\n[ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206\n[ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070\n[ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000\n[ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000\n[ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000\n[ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000\n[ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000\n[ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0\n[ +0.000005] Call Trace:\n[ +0.000011] <TASK>\n[ +0.000010] ? __die_body.cold+0x19/0x27\n[ +0.000012] ? page_fault_oops+0x15a/0x2d0\n[ +0.000014] ? exc_page_fault+0x7e/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu]\n[ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu]\n[ +0.000450] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu]\n[ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu]\n[ +0.000464] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? sort+0x31/0x50\n[ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu]\n[ +0.000508] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu]\n[ +0.000377] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm]\n[ +0.000058] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_default_wait+0x8c/0x260\n[ +0.000010] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? wait_for_completion_timeout+0x13b/0x170\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_wait_timeout+0x108/0x140\n[ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper]\n[ +0.000024] ? process_one_work+0x177/0x330\n[ +0.000008] ? worker_thread+0x266/0x3a0\n[ +0.000006] ? __pfx_worker_thread+0x10/0x10\n[ +0.000004] ? kthread+0xd2/0x100\n[ +0.000006] ? __pfx_kthread+0x10/0x10\n[ +0.000006] ? ret_from_fork+0x34/0x50\n[ +0.000004] ? __pfx_kthread+0x10/0x10\n[ +0.000005] ? ret_from_fork_asm+0x1a/0x30\n[ +0.000011] </TASK>\n\n(cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7)" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/gpu/drm/amd/display/dc/core/dc.c", |
| "drivers/gpu/drm/amd/display/dc/core/dc_state.c", |
| "drivers/gpu/drm/amd/display/dc/dc.h", |
| "drivers/gpu/drm/amd/display/dc/dc_stream.h", |
| "drivers/gpu/drm/amd/display/dc/dc_types.h", |
| "drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c" |
| ], |
| "versions": [ |
| { |
| "version": "1b04dcca4fb10dd3834893a60de74edd99f2bfaf", |
| "lessThan": "37b8de96ae48c7bb1a17cd5585195c43fcacbe94", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1b04dcca4fb10dd3834893a60de74edd99f2bfaf", |
| "lessThan": "7de8d5c90be9ad9f6575e818a674801db2ada794", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/gpu/drm/amd/display/dc/core/dc.c", |
| "drivers/gpu/drm/amd/display/dc/core/dc_state.c", |
| "drivers/gpu/drm/amd/display/dc/dc.h", |
| "drivers/gpu/drm/amd/display/dc/dc_stream.h", |
| "drivers/gpu/drm/amd/display/dc/dc_types.h", |
| "drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c" |
| ], |
| "versions": [ |
| { |
| "version": "6.11", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "6.11", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.10", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.11", |
| "versionEndExcluding": "6.12.10" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.11", |
| "versionEndExcluding": "6.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/37b8de96ae48c7bb1a17cd5585195c43fcacbe94" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/7de8d5c90be9ad9f6575e818a674801db2ada794" |
| } |
| ], |
| "title": "drm/amd/display: fix page fault due to max surface definition mismatch", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-57918", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
