SB20241022336 - Input validation error in Linux kernel dml dcn20 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-49892)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/f921335123f6620c3dce5c96fbb95f18524a021c
• https://git.kernel.org/stable/c/1f9f8186e239222f1c8d3dd73bf3bc6ae86c5e76
• https://git.kernel.org/stable/c/a23d6029e730f8a151b1a34afb169baac1274583
• https://git.kernel.org/stable/c/c7630935d9a4986e8c0ed91658a781b7a77d73f7
• https://git.kernel.org/stable/c/bc00d211da4ffad5314a2043b50bdc8ff8a33724
• https://git.kernel.org/stable/c/3334ab72cbba55a632f24579cd47c4a4e5e69cda
• https://git.kernel.org/stable/c/4067f4fa0423a89fb19a30b57231b384d77d2610
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55