cve/2024/CVE-2024-53108.md
2025-09-29 16:08:36 +00:00

CVE-2024-53108

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Adjust VSDB parser for replay feature

At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN:

[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]
[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383
...
[ 27.821207] Memory state around the buggy address:
[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821243] ^
[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821268] ==================================================================

This is caused because the ID extraction happens outside of the range of the edid length. This commit addresses this issue by considering the amd_vsdb_block size.

(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)
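An added illustration of the bounds problem in the description above, not the amdgpu driver's code: a scan for a 3-byte IEEE ID whose loop bound ignores the block size attempts reads past the buffer, while a bound that accounts for the block size does not. The block size, ID offset, ID value and function names are assumptions made for the example, and the checked read helper records an out-of-range index instead of dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK_SIZE  8u        /* hypothetical vendor block size, in bytes */
#define IEEE_OFFSET 1u        /* hypothetical offset of the 3-byte IEEE ID */
#define SAMPLE_ID   0xC0FFEEu /* constructed ID, stored low byte first */

/* Constructed samples: one with the ID at block offset 4, one without. */
const uint8_t with_id[16] = { [5] = 0xEE, [6] = 0xFF, [7] = 0xC0 };
const uint8_t without_id[16] = { 0 };

/* Checked read: records an out-of-range index instead of dereferencing it. */
static uint8_t rd(const uint8_t *buf, size_t len, size_t i, int *oob)
{
    if (i >= len) { *oob = 1; return 0; }
    return buf[i];
}

/* Try start offsets [0, limit); return the matching offset or -1. */
static long scan(const uint8_t *ext, size_t len, size_t limit,
                 uint32_t want, int *oob)
{
    for (size_t j = 0; j < limit; j++) {
        uint32_t id = (uint32_t)rd(ext, len, j + IEEE_OFFSET + 2, oob) << 16 |
                      (uint32_t)rd(ext, len, j + IEEE_OFFSET + 1, oob) << 8 |
                      rd(ext, len, j + IEEE_OFFSET, oob);
        if (id == want && !*oob)
            return (long)j;
    }
    return -1;
}

/* Bound that ignores the block size: every byte offset is a candidate. */
long scan_naive(const uint8_t *ext, size_t len, uint32_t want, int *oob)
{
    *oob = 0;
    return scan(ext, len, len, want, oob);
}

/* Bound that accounts for the block size: a whole block must fit. */
long scan_bounded(const uint8_t *ext, size_t len, uint32_t want, int *oob)
{
    *oob = 0;
    if (len < BLOCK_SIZE)  /* also avoids size_t wrap-around in the subtraction */
        return -1;
    return scan(ext, len, len - BLOCK_SIZE + 1, want, oob);
}
```

The naive bound only misbehaves when no match is found before the tail of the buffer, which is why a sanitizer such as KASAN surfaces this class of bug on some inputs and not others.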

POC

Reference

No PoCs from references.

Github