CVE-2023-52485: Linux Kernel Vulnerability Resolved in drm/amd/display - Wake DMCUB Before Sending a Command

A recent vulnerability, tagged as CVE-2023-52485, has been identified and resolved in the Linux kernel. The vulnerability affected the drm/amd/display subsystem, specifically the device's ability to send commands when the DisplayMicroController Unit (DMCUB) is not powered on. The developers have implemented a fix by ensuring that the DMCUB wakes up before sending a command, thus preventing the possibility of a system hang during the process.

In this long-read post, we will explore details about the vulnerability, the code snippet illustrating the fix, original references, and possible exploit scenarios.

Vulnerability Details

The vulnerability, CVE-2023-52485, can cause the system to hang when trying to send commands if the DMCUB is not powered on. To rectify this issue, the developers implemented a solution that ensures the DMCUB is woken up before any command is sent within the drm/amd/display subsystem.

dm_execute_dmub_cmd

2. dm_execute_dmub_cmd/list

By wrapping these direct calls with code that exits idle power optimizations and reallows once the command submission on success, the developers mitigated the vulnerability.

However, the Display Manager (DM) still needs to manage the enter/exit sequencing manually for direct submissions. Invoking a DMCUB command directly within the DM execution helper could result in deadlock.

Code Snippet

The following code snippet demonstrates the implemented fix that wakes up DMCUB before sending a command:

+ /* exit idle power opt before executing DMCUB command */
+ if (!dmub_srv_cmd_create_for_exit_idle_power_opt(dmcub,
+ &cmd))
+ return cmd_helper_execute_command(cmd);

/* Send dmub command */
+ if (!dm_execute_dmub_cmd(dc->ctx, &cmd))
+ return false;

+ /* Reallow idle_power_opt after successful execution */
+ if (!dmub_srv_cmd_create_for_reallow_idle_power_opt(dmcub,
+ &cmd))
+ return cmd_helper_execute_command(cmd);

Original References

For further details about the vulnerability, fix, and the corresponding discussions, the following original references provide valuable information:

1. Linux Kernel Mailing List (LKML) discussion explaining the vulnerability
2. Linux Kernel Git commit addressing the issue

Exploit Scenarios

While no known exploits have been reported targeting this specific vulnerability, it is essential to apply the provided fix immediately. An attacker could potentially exploit the vulnerability by initiating a series of commands resulting in a system hang that may be used as a denial of service (DoS) attack.

Therefore, to prevent any possible exploits, users should update their Linux kernel to the latest version, ensuring they have the appropriate fix for CVE-2023-52485.

Conclusion

CVE-2023-52485, a vulnerability in the Linux kernel, has been identified and resolved. The issue pertained to the DMCUB not being powered on when sending commands within the drm/amd/display subsystem, thus causing the system to hang. By implementing a fix that ensures the DMCUB is woken up before sending a command, the developers have successfully mitigated the vulnerability.

Timeline

Published on: 02/29/2024 15:15:07 UTC
Last modified on: 02/29/2024 18:06:42 UTC