CVE-2023-52625

drm/amd/display: Refactor DMCUB enter/exit idle interface

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Refactor DMCUB enter/exit idle interface

[Why]
We can hang in place trying to send commands when the DMCUB isn't
powered on.

[How]
We need to exit out of the idle state prior to sending a command,
but the process that performs the exit also invokes a command itself.

Fixing this issue involves the following:

1. Using a software state to track whether or not we need to start
the process to exit idle or notify idle.

It's possible for the hardware to have exited an idle state without
driver knowledge, but entering one is always restricted to a driver
allow - which makes the SW state vs HW state mismatch issue purely one
of optimization, which should seldomly be hit, if at all.

2. Refactor any instances of exit/notify idle to use a single wrapper
that maintains this SW state.

This works simialr to dc_allow_idle_optimizations, but works at the
DMCUB level and makes sure the state is marked prior to any notify/exit
idle so we don't enter an infinite loop.

3. Make sure we exit out of idle prior to sending any commands or
waiting for DMCUB idle.

This patch takes care of 1/2. A future patch will take care of wrapping
DMCUB command submission with calls to this new interface.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Refactor DMCUB entra/sale de la interfaz inactiva [Por qué] Podemos quedarnos quietos intentando enviar comandos cuando el DMCUB no está encendido. [Cómo] Necesitamos salir del estado inactivo antes de enviar un comando, pero el proceso que realiza la salida también invoca un comando en sí. Solucionar este problema implica lo siguiente: 1. Usar un estado de software para rastrear si necesitamos o no iniciar el proceso para salir de inactivo o notificarlo. Es posible que el hardware haya salido de un estado inactivo sin el conocimiento del controlador, pero ingresar a uno siempre está restringido a un permiso del controlador, lo que hace que el problema de discrepancia entre el estado del SW y el estado del HW sea puramente de optimización, que rara vez debería solucionarse, en todo caso. . 2. Refactorice cualquier instancia de salida/notificación inactiva para utilizar un contenedor único que mantenga este estado de software. Esto funciona de manera similar a dc_allow_idle_optimizations, pero funciona en el nivel DMCUB y garantiza que el estado esté marcado antes de cualquier notificación/salida inactiva para que no entremos en un bucle infinito. 3. Asegúrese de salir del modo inactivo antes de enviar cualquier comando o esperar a que DMCUB esté inactivo. Este parche se ocupa de la mitad. Un parche futuro se encargará de empaquetar el envío de comandos DMCUB con llamadas a esta nueva interfaz.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-03-26 CVE Published
2024-03-27 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f	2024-02-01
https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa	2023-12-19

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52625	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2271682	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8"		en		Affected