| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052017-CVE-2024-35952-645b@gregkh> Date: Mon, 20 May 2024 11:42:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-35952: drm/ast: Fix soft lockup Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU, in BMC. These scratch registers are protected by scu-lock. If suc-lock is not off, DPMCU can not update these registers and then host will have soft lockup due to never updated status. DPMCU is used to control DP and relative registers to handshake with host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough. The Linux kernel CVE team has assigned CVE-2024-35952 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 594e9c04b586 and fixed in 6.1.87 with commit 8a6fea3fcb57 Issue introduced in 5.19 with commit 594e9c04b586 and fixed in 6.6.28 with commit a81b2acd43e2 Issue introduced in 5.19 with commit 594e9c04b586 and fixed in 6.8.7 with commit 35768baf0fdf Issue introduced in 5.19 with commit 594e9c04b586 and fixed in 6.9 with commit bc004f503822 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-35952 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/ast/ast_dp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fb https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066 https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294 https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109
Powered by blists - more mailing lists