CVE-2024-40916 - OpenCVE

Link	Providers
https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f
https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9
https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632
https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028
https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab
https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec
https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222
https://lore.kernel.org/linux-cve-announce/2024071211-CVE-2024-40916-845e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40916
https://www.cve.org/CVERecord?id=CVE-2024-40916

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Weaknesses		CWE-617
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40916", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.581Z", "datePublished": "2024-07-12T12:24:59.429Z", "dateUpdated": "2024-11-05T09:33:05.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:33:05.223Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/exynos/exynos_hdmi.c"], "versions": [{"version": "348aa3d47e8b", "lessThan": "e23f2eaf51ec", "status": "affected", "versionType": "git"}, {"version": "a8cb3b072403", "lessThan": "4dfffb50316c", "status": "affected", "versionType": "git"}, {"version": "912c149a52c3", "lessThan": "6d6bb258d886", "status": "affected", "versionType": "git"}, {"version": "8f914db6fe25", "lessThan": "c3ca24dfe9a2", "status": "affected", "versionType": "git"}, {"version": "b71ae5fb2dd3", "lessThan": "35bcf16b4a28", "status": "affected", "versionType": "git"}, {"version": "13d5b040363c", "lessThan": "510a6c0dfa6e", "status": "affected", "versionType": "git"}, {"version": "13d5b040363c", "lessThan": "799d4b392417", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/exynos/exynos_hdmi.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222"}, {"url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9"}, {"url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028"}, {"url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec"}, {"url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f"}, {"url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632"}, {"url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab"}], "title": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.397Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:46.451559Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:04.124Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.397Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:46.451559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.348Z"}}], "cna": {"title": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "348aa3d47e8b", "lessThan": "e23f2eaf51ec", "versionType": "git"}, {"status": "affected", "version": "a8cb3b072403", "lessThan": "4dfffb50316c", "versionType": "git"}, {"status": "affected", "version": "912c149a52c3", "lessThan": "6d6bb258d886", "versionType": "git"}, {"status": "affected", "version": "8f914db6fe25", "lessThan": "c3ca24dfe9a2", "versionType": "git"}, {"status": "affected", "version": "b71ae5fb2dd3", "lessThan": "35bcf16b4a28", "versionType": "git"}, {"status": "affected", "version": "13d5b040363c", "lessThan": "510a6c0dfa6e", "versionType": "git"}, {"status": "affected", "version": "13d5b040363c", "lessThan": "799d4b392417", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/exynos/exynos_hdmi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.279", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/exynos/exynos_hdmi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222"}, {"url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9"}, {"url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028"}, {"url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec"}, {"url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f"}, {"url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632"}, {"url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:24.251Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40916", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:04.124Z", "dateReserved": "2024-07-12T12:17:45.581Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:24:59.429Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/exynos: hdmi: informa el modo seguro 640x480 como respaldo cuando no se encuentra EDID Cuando falla la lectura de EDID y el controlador informa que no hay modos disponibles, el n\u00facleo DRM agrega un modo artificial de 1024x786 al conector. Desafortunadamente, algunas variantes del Exynos HDMI (como la de los SoC Exynos4) no pueden controlar dicho modo, por lo que informa un modo seguro de 640x480 en lugar de nada en caso de falla en la lectura de EDID. Esto soluciona el siguiente problema observado en la placa Trats2 desde El commit 13d5b040363c (\"drm/exynos: no devuelve valores negativos de .get_modes()\"): [drm] Exynos DRM: uso del dispositivo 11c00000.fimd para operaciones de mapeo DMA exynos-drm exynos -drm: enlazado 11c00000.fimd (ops fimd_component_ops) exynos-drm exynos-drm: enlazado 12c10000.mixer (ops Mixer_component_ops) exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Dispositivo s6e8aa0 adjunto (carriles:4 bpp:24 modo- flags:0x10b) exynos-drm exynos-drm: enlazado 11c80000.dsi (ops exynos_dsi_component_ops) exynos-drm exynos-drm: enlazado 12d00000.hdmi (ops hdmi_component_ops) [drm] Inicializado exynos 1.1.0 20180330 para exynos-drm en menor 1 exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL no pudo alcanzar el estado estable panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c exynos-mixer 12c10000.mixer: tiempo de espera de espera para VSYNC ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 1 PID: 11 en drivers/gpu/drm/drm_atomic_helper.c :1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 [CRTC:70:crtc-1] Se agot\u00f3 el tiempo de espera de vblank M\u00f3dulos vinculados en: CPU: 1 PID: 11 Comm: kworker/u16:0 No contaminado 6.9.0-rc5-next -20240424 #14913 Nombre de hardware: Samsung Exynos (\u00e1rbol de dispositivos aplanados) Cola de trabajo: events_unbound deferred_probe_work_func Rastreo de llamadas: unwind_backtrace de show_stack+0x10/0x14 show_stack de dump_stack_lvl+0x68/0x88 dump_stack_lvl de __warn+0x7c/0x1c4 de warn_slowpath_fmt+0x11c/0x1a8 warn_slowpath_fmt de drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 drm_atomic_helper_wait_for_vblanks.part.0 de drm_atomic_helper_commit_tail_rpm+0x7c/0x8c drm_atomic_helper_commit_tail_rpm de commit_tail+0x9c/0x184 commit_tail de drm_atomic_helper _commit+0x168/0x190 drm_atomic_helper_commit de drm_atomic_commit+0xb4/0xe0 drm_atomic_commit de drm_client_modeset_commit_atomic+0x23c/0x27c drm_client_modeset_commit_atomic de drm_client_modeset_commit_locked+0x60/0x1cc drm_client_modeset_commit_locked de drm_client_modeset_commit+0x24/0x40 drm_client_modeset_commit de __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4 restaurar_fbdev_mode_unlocked de drm_fb_helper_set_par+0x2c/0x3c drm_fb_helper_set_par de fbcon_init+0x3d8/0x550 fbcon_init de visual_init+0xc0/0x108 visual_init de do_bind_con_driver+0x1b8/0x3a4 r de do_take_over_console+0x140/0x1ec do_take_over_console de do_fbcon_takeover+0x70/0xd0 do_fbcon_takeover de fbcon_fb_registered+0x19c/0x1ac fbcon_fb_registered de Register_framebuffer+0x190/0x21c Register_framebuffer de __drm_fb_helper_initial _config_and_unlock+0x350/0x574 __drm_fb_helper_initial_config_and_unlock de exynos_drm_fbdev_client_hotplug+0x6c/0xb0 exynos_drm_fbdev_client_hotplug de drm_client_register+0x58/0x94 drm_client_register de exynos_drm_bind +0x160/0x190 exynos_drm_bind de try_to_bring_up_aggregate_device+0x200/0x2d8 try_to_bring_up_aggregate_device de __component_add+0xb0/0x170 __component_add de Mixer_probe+0x74/0xcc Mixer_probe de platform_probe+0x5c/0x b8 platform_probe de Actually_probe+0xe0/0x3d8realmente_probe de __driver_probe_device+0x9c/0x1e4 __driver_probe_device de driver_probe_device+ 0x30/0xc0 driver_probe_device de __device_attach_driver+0xa8/0x120 __device_attach_driver de bus_for_each_drv+0x80/0xcc bus_for_each_drv de __device_attach+0xac/0x1fc __device_attach de bus_probe_device+0x8c/0x90 _dispositivo de diferido_probe_work_func+0 ---truncado---"}], "id": "CVE-2024-40916", "lastModified": "2024-07-12T16:34:58.687", "metrics": {}, "published": "2024-07-12T13:15:14.730", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/35bcf16b4a28c10923ff391d14f6ed0ae471ee5f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4dfffb50316c761c59386c9b002a10ac6d7bb6c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/510a6c0dfa6ec61d07a4b64698d8dc60045bd632"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6d6bb258d886e124e5a5328e947b36fdcb3a6028"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/799d4b392417ed6889030a5b2335ccb6dcf030ab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c3ca24dfe9a2b3f4e8899af108829b0f4b4b15ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e23f2eaf51ecb6ab4ceb770e747d50c1db2eb222"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found", "id": "2297500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297500"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-617", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\nunwind_backtrace from show_stack+0x10/0x14\nshow_stack from dump_stack_lvl+0x68/0x88\ndump_stack_lvl from __warn+0x7c/0x1c4\n__warn from warn_slowpath_fmt+0x11c/0x1a8\nwarn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\ndrm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\ndrm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\ncommit_tail from drm_atomic_helper_commit+0x168/0x190\ndrm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\ndrm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\ndrm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\ndrm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\ndrm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n__drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\ndrm_fb_helper_set_par from fbcon_init+0x3d8/0x550\nfbcon_init from visual_init+0xc0/0x108\nvisual_init from do_bind_con_driver+0x1b8/0x3a4\ndo_bind_con_driver from do_take_over_console+0x140/0x1ec\ndo_take_over_console from do_fbcon_takeover+0x70/0xd0\ndo_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\nfbcon_fb_registered from register_framebuffer+0x190/0x21c\nregister_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n__drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\nexynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\ndrm_client_register from exynos_drm_bind+0x160/0x190\nexynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\ntry_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n__component_add from mixer_probe+0x74/0xcc\nmixer_probe from platform_probe+0x5c/0xb8\nplatform_probe from really_probe+0xe0/0x3d8\nreally_probe from __driver_probe_device+0x9c/0x1e4\n__driver_probe_device from driver_probe_device+0x30/0xc0\ndriver_probe_device from __device_attach_driver+0xa8/0x120\n__device_attach_driver from bus_for_each_drv+0x80/0xcc\nbus_for_each_drv from __device_attach+0xac/0x1fc\n__device_attach from bus_probe_device+0x8c/0x90\nbus_probe_device from deferred_probe_work_func+0\n---truncated---"], "name": "CVE-2024-40916", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40916\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40916\nhttps://lore.kernel.org/linux-cve-announce/2024071211-CVE-2024-40916-845e@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object