SB20240608132 - Infinite loop in Linux kernel display amdgpu_dm driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2023-52625)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the dcn35_apply_idle_power_optimizations() and dcn35_z10_restore() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dc_dmub_srv_is_hw_pwr_up(), dc_dmub_srv_notify_idle(), dc_dmub_srv_exit_low_power_state() and dc_dmub_srv_set_power_state() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c, within the dm_resume() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f
• https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8