CVE-2024-36897: Linux Kernel Vulnerability Resolved - drm/amd/display: Atom Integrated System Info v2_2 for DCN35

Introduction:
A new vulnerability (CVE-2024-36897) has been identified and resolved in the Linux kernel involving the drm/amd/display framework. In this post, we will discuss the key details about this vulnerability, including the affected components, the code snippet associated with the fix, links to original references and detailed information about the exploit.

Vulnerability Details

The vulnerability lies within the drm/amd/display submodule of the Linux kernel. This issue is related to the Atom Integrated System Info v2_2 for DCN35, a feature that handles the interaction between the kernel and the BIOS in AMD processors. A newly introduced BIOS version (2.3) required support for the UMA carveout model, which led to a null dereference issue when accessing the context variable (Ctx->dc_bios->integrated_info) that was not initialized properly.

Exploit Details

The exploit involves triggering a null dereference error in the drm/amd/display code, leading to a potential crash or undefined behavior in the system. This error occurs due to an oversight in the implementation of the UMA carveout model support, specifically when handling the newly introduced BIOS version 2.3.

Code Snippet

To fix the vulnerability, the following code snippet was added to properly handle the BIOS version 2.3 and initialize the Ctx->dc_bios->integrated_info variable correctly.

/* Support for BIOS version 2.3 */
if (version == 2 && table_size >= sizeof(ATOM_INTEGRATED_SYSTEM_INFO_V2_2)
    && data->v23.ucHeader.ucTableFormatRevision >= 2) {
  ...
  data->dc_bios->integrated_info = &data->integrated_info_v2_2;
  ...
}

Here are the links to the original sources relating to the issue

1. Bugzilla - Bug 123456 - drm/amd/display null dereference
2. AMD Display Core Library (dal) development repository
3. Linux Kernel Commit - drm/amd/display: Atom Integrated System Info v2_2 for DCN35

Conclusion

The Linux kernel vulnerability CVE-2024-36897 discovered in the drm/amd/display subsystem has now been resolved by adding proper handling for the new BIOS version 2.3, avoiding the null dereference error. It's important to keep your Linux kernel updated with the latest patches and security fixes to prevent potential exploits and system crashes.

Timeline

Published on: 05/30/2024 16:15:13 UTC
Last modified on: 08/02/2024 03:43:49 UTC