CVE-2023-52625

CVE Details

Release Date:

2024-03-26

Description

In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\nFixing this issue involves the following:\n1. Using a software state to track whether or not we need to start\nthe process to exit idle or notify idle.\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n2. Refactor any instances of exit/notify idle to use a single wrapper\nthat maintains this SW state.\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n3. Make sure we exit out of idle prior to sending any commands or\nwaiting for DMCUB idle.\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface.

See more information about CVE-2023-52625 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14