| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 17:59:41 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26916: Revert "drm/amd: flush any delayed gfxoff on suspend entry"
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd: flush any delayed gfxoff on suspend entry"
commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring
callbacks") caused GFXOFF control to be used more heavily and the
codepath that was removed from commit 0dee72639533 ("drm/amd: flush any
delayed gfxoff on suspend entry") now can be exercised at suspend again.
Users report that by using GNOME to suspend the lockscreen trigger will
cause SDMA traffic and the system can deadlock.
This reverts commit 0dee726395333fea833eaaf838bc80962df886c8.
The Linux kernel CVE team has assigned CVE-2024-26916 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.15.144 with commit f94942885e84 and fixed in 5.15.149 with commit 65158edb0a3a
Issue introduced in 6.1.69 with commit 78b2ba39beef and fixed in 6.1.79 with commit ff70e6ff6fc2
Issue introduced in 6.6.8 with commit 3aae4ef4d799 and fixed in 6.6.18 with commit caa2565a2e13
Issue introduced in 6.7 with commit ab4750332dbe and fixed in 6.7.6 with commit d855ceb6a5fd
Issue introduced in 6.7 with commit ab4750332dbe and fixed in 6.8 with commit 916361685319
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-26916
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/65158edb0a3a8df23197d52cd24287e39eaf95d6
https://git.kernel.org/stable/c/ff70e6ff6fc2413caf33410af7462d1f584d927e
https://git.kernel.org/stable/c/caa2565a2e13899be31f7b1e069e6465d3e2adb0
https://git.kernel.org/stable/c/d855ceb6a5fde668c5431156bc60fae0cc52b764
https://git.kernel.org/stable/c/916361685319098f696b798ef1560f69ed96e934
Powered by blists - more mailing lists