CVE-2024-40916

CVE Details

Release Date:2024-07-12

Description


In the Linux kernel, the following vulnerability has been resolved:\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c ('drm/exynos: do not return negative values from .get_modes()'):\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\nunwind_backtrace from show_stack+0x10/0x14\nshow_stack from dump_stack_lvl+0x68/0x88\ndump_stack_lvl from __warn+0x7c/0x1c4\n__warn from warn_slowpath_fmt+0x11c/0x1a8\nwarn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\ndrm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\ndrm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\ncommit_tail from drm_atomic_helper_commit+0x168/0x190\ndrm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\ndrm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\ndrm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\ndrm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\ndrm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n__drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\ndrm_fb_helper_set_par from fbcon_init+0x3d8/0x550\nfbcon_init from visual_init+0xc0/0x108\nvisual_init from do_bind_con_driver+0x1b8/0x3a4\ndo_bind_con_driver from do_take_over_console+0x140/0x1ec\ndo_take_over_console from do_fbcon_takeover+0x70/0xd0\ndo_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\nfbcon_fb_registered from register_framebuffer+0x190/0x21c\nregister_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n__drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\nexynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\ndrm_client_register from exynos_drm_bind+0x160/0x190\nexynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\ntry_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n__component_add from mixer_probe+0x74/0xcc\nmixer_probe from platform_probe+0x5c/0xb8\nplatform_probe from really_probe+0xe0/0x3d8\nreally_probe from __driver_probe_device+0x9c/0x1e4\n__driver_probe_device from driver_probe_device+0x30/0xc0\ndriver_probe_device from __device_attach_driver+0xa8/0x120\n__device_attach_driver from bus_for_each_drv+0x80/0xcc\nbus_for_each_drv from __device_attach+0xac/0x1fc\n__device_attach from bus_probe_device+0x8c/0x90\nbus_probe_device from deferred_probe_work_func+0\n---truncated---

See more information about CVE-2024-40916 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-125852024-08-12
Oracle Linux version 8 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-125842024-08-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete