CVE-2023-52485 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command [Why] We can hang in place trying to send commands when the DMCUB isn't powered on. [How] For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success. For DM direct submissions the DM will need to manage the enter/exit sequencing manually. We cannot invoke a DMCUB command directly within the DM execution helper or we can deadlock.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009
https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39
https://lore.kernel.org/linux-cve-announce/20240229150009.1525992-2-lee@kernel.org/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52485
https://www.cve.org/CVERecord?id=CVE-2023-52485

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-29T14:57:51.179Z

Updated: 2024-11-13T18:26:57.574Z

Reserved: 2024-02-20T12:30:33.301Z

Link: CVE-2023-52485

Vulnrichment

Updated: 2024-08-02T23:03:19.936Z

NVD

Status : Awaiting Analysis

Published: 2024-02-29T15:15:07.397

Modified: 2024-02-29T18:06:42.010

Link: CVE-2023-52485

Redhat

Severity : Low

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2023-52485 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52485", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.301Z", "datePublished": "2024-02-29T14:57:51.179Z", "dateUpdated": "2024-11-13T18:26:57.574Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:47:46.343Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c", "drivers/gpu/drm/amd/display/dc/bios/command_table2.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/core/dc.c", "drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h", "drivers/gpu/drm/amd/display/dc/dc_helper.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_outbox.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c", "drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hubp.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_dio_link_encoder.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "303197775a97", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "8892780834ae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c", "drivers/gpu/drm/amd/display/dc/bios/command_table2.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/core/dc.c", "drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h", "drivers/gpu/drm/amd/display/dc/dc_helper.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_outbox.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c", "drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hubp.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_dio_link_encoder.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia.c"], "versions": [{"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009"}, {"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39"}], "title": "drm/amd/display: Wake DMCUB before sending a command", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T22:17:04.458995Z", "id": "CVE-2023-52485", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T18:26:57.574Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.936Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52485", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T22:17:04.458995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.159Z"}}], "cna": {"title": "drm/amd/display: Wake DMCUB before sending a command", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "303197775a97", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8892780834ae", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c", "drivers/gpu/drm/amd/display/dc/bios/command_table2.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/core/dc.c", "drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h", "drivers/gpu/drm/amd/display/dc/dc_helper.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_outbox.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c", "drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hubp.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_dio_link_encoder.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.7.3", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c", "drivers/gpu/drm/amd/display/dc/bios/command_table2.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c", "drivers/gpu/drm/amd/display/dc/core/dc.c", "drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c", "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.h", "drivers/gpu/drm/amd/display/dc/dc_helper.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_outbox.c", "drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c", "drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hubp.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_dio_link_encoder.c", "drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c", "drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c", "drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009"}, {"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:47:46.343Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52485", "state": "PUBLISHED", "dateUpdated": "2024-11-13T18:26:57.574Z", "dateReserved": "2024-02-20T12:30:33.301Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T14:57:51.179Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: drm/amd/display: Wake DMCUB before sending a command cause deadlock", "id": "2267195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267195"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Wake DMCUB before sending a command\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock."], "name": "CVE-2023-52485", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52485\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52485\nhttps://lore.kernel.org/linux-cve-announce/20240229150009.1525992-2-lee@kernel.org/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 6.7.3, kernel 6.8"}