CVE-2024-26721
drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS
register") defines a new macro to calculate the DSC PPS register
addresses with PPS number as an input. This macro correctly calculates
the addresses till PPS 11 since the addresses increment by 4. So in that
case the following macro works correctly to give correct register
address:
_MMIO(_DSCA_PPS_0 + (pps) * 4)
However after PPS 11, the register address for PPS 12 increments by 12
because of RC Buffer memory allocation in between. Because of this
discontinuity in the address space, the macro calculates wrong addresses
for PPS 12 - 16 resulting into incorrect DSC PPS parameter value
read/writes causing DSC corruption.
This fixes it by correcting this macro to add the offset of 12 for PPS
>=12.
v3: Add correct paranthesis for pps argument (Jani Nikula)
(cherry picked from commit 6074be620c31dc2ae11af96a1a5ea95580976fb5)
En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/i915/dsc: corrige la macro que calcula la dirección de registro DSCC_/DSCA_ PPS Commit bd077259d0a9 ("drm/i915/vdsc: Agregar función para leer cualquier registro PPS") define un Nueva macro para calcular las direcciones de registro DSC PPS con el número PPS como entrada. Esta macro calcula correctamente las direcciones hasta PPS 11 ya que las direcciones se incrementan en 4. Entonces, en ese caso, la siguiente macro funciona correctamente para proporcionar la dirección de registro correcta: _MMIO(_DSCA_PPS_0 + (pps) * 4) Sin embargo, después de PPS 11, la dirección de registro para PPS 12 se incrementa en 12 debido a la asignación de memoria del búfer RC en el medio. Debido a esta discontinuidad en el espacio de direcciones, la macro calcula direcciones incorrectas para PPS 12 - 16, lo que genera lecturas/escrituras incorrectas del valor del parámetro PPS de DSC, lo que provoca corrupción de DSC. Esto se soluciona corrigiendo esta macro para agregar el desplazamiento de 12 para PPS >=12. v3: agregue paréntesis correcto para el argumento pps (Jani Nikula) (seleccionado del commit 6074be620c31dc2ae11af96a1a5ea95580976fb5)
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-03 CVE Published
- 2024-04-04 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/bd077259d0a9c9bf453e7e9751bf41f1996e6585 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/ff5999fb03f467e1e7159f0ddb199c787f7512b9 | 2024-02-23 | |
https://git.kernel.org/stable/c/962ac2dce56bb3aad1f82a4bbe3ada57a020287c | 2024-02-12 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.6" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8" | en |
Affected
|