Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-48704— drm/radeon: add a force flush to delay work when radeon

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-48704

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
drm/radeon: add a force flush to delay work when radeon
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to put device in D3hot state. Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State. > Configuration and Message requests are the only TLPs accepted by a Function in > the D3hot state. All other received Requests must be handled as Unsupported Requests, > and all received Completions may optionally be handled as Unexpected Completions. This issue will happen in following logs: Unable to handle kernel paging request at virtual address 00008800e0008010 CPU 0 kworker/0:3(131): Oops 0 pc = [<ffffffff811bea5c>] ra = [<ffffffff81240844>] ps = 0000 Tainted: G W pc is at si_gpu_check_soft_reset+0x3c/0x240 ra is at si_dma_is_lockup+0x34/0xd0 v0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000 t2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258 t5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000 s0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018 s3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000 s6 = fff00007ef07bd98 a0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008 a3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338 t8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800 t11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000 gp = ffffffff81d89690 sp = 00000000aa814126 Disabling lock debugging due to kernel taint Trace: [<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0 [<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290 [<ffffffff80977010>] process_one_work+0x280/0x550 [<ffffffff80977350>] worker_thread+0x70/0x7c0 [<ffffffff80977410>] worker_thread+0x130/0x7c0 [<ffffffff80982040>] kthread+0x200/0x210 [<ffffffff809772e0>] worker_thread+0x0/0x7c0 [<ffffffff80981f8c>] kthread+0x14c/0x210 [<ffffffff80911658>] ret_from_kernel_thread+0x18/0x20 [<ffffffff80981e40>] kthread+0x0/0x210 Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101 <88210000> 4821ed21 So force lockup work queue flush to fix this problem.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于radeon 锁定工作队列可能未完全刷新。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 0bfa4b41268ad5fd741f16f484e4fee190822ec6 ~ b878da58df2c40b08914d3960e2224040fd1fbfe -
LinuxLinux 3.18 -

II. Public POCs for CVE-2022-48704

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-48704

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-03 · 25 CVEs total

CVE-2022-48693soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
CVE-2022-48705wifi: mt76: mt7921e: fix crash in chip reset fail
CVE-2022-48695scsi: mpt3sas: Fix use-after-free warning
CVE-2022-48690ice: Fix DMA mappings leak
CVE-2022-48703thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
CVE-2022-48702ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
CVE-2022-48701ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
CVE-2022-48699sched/debug: fix dentry leak in update_sched_domain_debugfs
CVE-2022-48698drm/amd/display: fix memory leak when using debugfs_lookup()
CVE-2022-48697nvmet: fix a use-after-free
CVE-2022-48696regmap: spi: Reserve space for register address/padding
CVE-2022-48694RDMA/irdma: Fix drain SQ hang with no completion
CVE-2022-48670peci: cpu: Fix use-after-free in adev_release()
CVE-2022-48692RDMA/srp: Set scmnd->result only when scmnd is not NULL
CVE-2022-48691netfilter: nf_tables: clean up hook list when offload flags check fails
CVE-2022-48689tcp: TX zerocopy should not sense pfmemalloc status
CVE-2022-48688i40e: Fix kernel crash during module removal
CVE-2022-48687ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2022-48686nvme-tcp: fix UAF when detecting digest errors
CVE-2022-48675IB/core: Fix a nested dead lock as part of ODP flow

Showing top 20 of 25 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-48704

No comments yet

Leave a comment