Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-50177— drm/amd/display: fix a UBSAN warning in DML2.1

EPSS 0.02% · P4
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-50177

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
drm/amd/display: fix a UBSAN warning in DML2.1
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as below: [ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34 [ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int' [ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024 [ 40.962856] Call Trace: [ 40.962857] <TASK> [ 40.962860] dump_stack_lvl+0x48/0x70 [ 40.962870] dump_stack+0x10/0x20 [ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360 [ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu] [ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu] [ 40.963327] ? srso_alias_return_thunk+0x5/0x7f [ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu] [ 40.963534] ? srso_alias_return_thunk+0x5/0x7f [ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu] [ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu] [ 40.963906] ? srso_alias_return_thunk+0x5/0x7f [ 40.963909] ? dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu] [ 40.964078] core_dcn4_mode_support+0x72/0xbf0 [amdgpu] [ 40.964247] dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu] [ 40.964420] dml2_build_mode_programming+0x23d/0x750 [amdgpu] [ 40.964587] dml21_validate+0x274/0x770 [amdgpu] [ 40.964761] ? srso_alias_return_thunk+0x5/0x7f [ 40.964763] ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu] [ 40.964942] dml2_validate+0x504/0x750 [amdgpu] [ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu] [ 40.965291] ? srso_alias_return_thunk+0x5/0x7f [ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu] [ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu] [ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu] [ 40.965845] ? srso_alias_return_thunk+0x5/0x7f [ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu] Fix this by adding a guard for checking cursor width before triggering the size calculation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于UBSAN警告触发时存在整数溢出问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 70839da6360500a82e4d5f78499284474cbed7c1 ~ 27bc3da5eae57e3af8f5648b4498ffde48781434 -
LinuxLinux 6.11 -

II. Public POCs for CVE-2024-50177

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-50177

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-11-08 · 38 CVEs total

CVE-2024-50203bpf, arm64: Fix address emission with tag-based KASAN enabled
CVE-2024-50194arm64: probes: Fix uprobes for big-endian kernels
CVE-2024-50195posix-clock: Fix missing timespec64 check in pc_clock_settime()
CVE-2024-50196pinctrl: ocelot: fix system hang on level based interrupts
CVE-2024-50197pinctrl: intel: platform: fix error path in device_for_each_child_node()
CVE-2024-50198iio: light: veml6030: fix IIO device retrieval from embedded device
CVE-2024-50199mm/swapfile: skip HugeTLB pages for unuse_vma
CVE-2024-50200maple_tree: correct tree corruption on spanning store
CVE-2024-50201drm/radeon: Fix encoder->possible_clones
CVE-2024-50202nilfs2: propagate directory read errors from nilfs_find_entry()
CVE-2024-50193x86/entry_32: Clear CPU buffers after register restore in NMI return
CVE-2024-50204fs: don't try and remove empty rbtree node
CVE-2024-50205ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
CVE-2024-50206net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
CVE-2024-50207ring-buffer: Fix reader locking when changing the sub buffer order
CVE-2024-50209RDMA/bnxt_re: Add a check for memory allocation
CVE-2024-50208RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
CVE-2024-50210posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
CVE-2024-50211udf: refactor inode_bmap() to handle error
CVE-2024-50184virtio_pmem: Check device status before requesting flush

Showing top 20 of 38 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-50177

No comments yet

Leave a comment