CVE-2023-52817
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log: 1. Navigate to the directory: /sys/kernel/debug/dri/0 2. Execute command: cat amdgpu_regs_smc 3. Exception Log:: [4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000 [4005007.702562] #PF: supervisor instruction fetch in kernel mode [4005007.702567] #PF: error_code(0x0010) - not-present page [4005007.702570] PGD 0 P4D 0 [4005007.702576] Oops: 0010 [#1] SMP NOPTI [4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u [4005007.702590] RIP: 0010:0x0 [4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206 [4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68 [4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000 [4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980 [4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000 [4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000 [4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000 [4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0 [4005007.702633] Call Trace: [4005007.702636] <TASK> [4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu] [4005007.703002] full_proxy_read+0x5c/0x80 [4005007.703011] vfs_read+0x9f/0x1a0 [4005007.703019] ksys_read+0x67/0xe0 [4005007.703023] __x64_sys_read+0x19/0x20 [4005007.703028] do_syscall_64+0x5c/0xc0 [4005007.703034] ? do_user_addr_fault+0x1e3/0x670 [4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0 [4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20 [4005007.703052] ? irqentry_exit+0x19/0x30 [4005007.703057] ? exc_page_fault+0x89/0x160 [4005007.703062] ? asm_exc_page_fault+0x8/0x30 [4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae [4005007.703075] RIP: 0033:0x7f5e07672992 [4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24 [4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992 [4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003 [4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010 [4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000 [4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 [4005007.703105] </TASK> [4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca [4005007.703184] CR2: 0000000000000000 [4005007.703188] ---[ en ---truncated---
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-7001.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:7001
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-7000.html
Vendor advisory: alma — https://bugzilla.redhat.com/2306365
Vendor advisory: alma — https://bugzilla.redhat.com/2305488
Vendor advisory: alma — https://bugzilla.redhat.com/2305467
Vendor advisory: alma — https://bugzilla.redhat.com/2305410
Vendor advisory: alma — https://bugzilla.redhat.com/2303514
Vendor advisory: alma — https://bugzilla.redhat.com/2303508
Vendor advisory: alma — https://bugzilla.redhat.com/2303506
Vendor advisory: alma — https://bugzilla.redhat.com/2303505
Vendor advisory: alma — https://bugzilla.redhat.com/2303077
Vendor advisory: alma — https://bugzilla.redhat.com/2301544
Vendor advisory: alma — https://bugzilla.redhat.com/2301543
Vendor advisory: alma — https://bugzilla.redhat.com/2301522
Vendor advisory: alma — https://bugzilla.redhat.com/2301519
Vendor advisory: alma — https://bugzilla.redhat.com/2301496
Vendor advisory: alma — https://bugzilla.redhat.com/2301489
Vendor advisory: alma — https://bugzilla.redhat.com/2301477
Vendor advisory: alma — https://bugzilla.redhat.com/2300713
Vendor advisory: alma — https://bugzilla.redhat.com/2300709
Vendor advisory: alma — https://bugzilla.redhat.com/2300552
Vendor advisory: alma — https://bugzilla.redhat.com/2300533
Vendor advisory: alma — https://bugzilla.redhat.com/2300492
Vendor advisory: alma — https://bugzilla.redhat.com/2300453
Vendor advisory: alma — https://bugzilla.redhat.com/2300448
Vendor advisory: alma — https://bugzilla.redhat.com/2300440
Vendor advisory: alma — https://bugzilla.redhat.com/2300439
Vendor advisory: alma — https://bugzilla.redhat.com/2300434
Vendor advisory: alma — https://bugzilla.redhat.com/2300430
Vendor advisory: alma — https://bugzilla.redhat.com/2300429
Vendor advisory: alma — https://bugzilla.redhat.com/2300414
Vendor advisory: alma — https://bugzilla.redhat.com/2300410
Vendor advisory: alma — https://bugzilla.redhat.com/2300409
Vendor advisory: alma — https://bugzilla.redhat.com/2300408
Vendor advisory: alma — https://bugzilla.redhat.com/2300407
Vendor advisory: alma — https://bugzilla.redhat.com/2300402
Vendor advisory: alma — https://bugzilla.redhat.com/2300381
Vendor advisory: alma — https://bugzilla.redhat.com/2300297
Vendor advisory: alma — https://bugzilla.redhat.com/2300296
Vendor advisory: alma — https://bugzilla.redhat.com/2299452
Vendor advisory: alma — https://bugzilla.redhat.com/2299336
Vendor advisory: alma — https://bugzilla.redhat.com/2299240
Vendor advisory: alma — https://bugzilla.redhat.com/2298640
Vendor advisory: alma — https://bugzilla.redhat.com/2298177
Vendor advisory: alma — https://bugzilla.redhat.com/2298140
Vendor advisory: alma — https://bugzilla.redhat.com/2298079
Vendor advisory: alma — https://bugzilla.redhat.com/2297909
Vendor advisory: alma — https://bugzilla.redhat.com/2297706
Vendor advisory: alma — https://bugzilla.redhat.com/2297589
Vendor advisory: alma — https://bugzilla.redhat.com/2297582
Vendor advisory: alma — https://bugzilla.redhat.com/2297581
Vendor advisory: alma — https://bugzilla.redhat.com/2297579
Vendor advisory: alma — https://bugzilla.redhat.com/2297573
Vendor advisory: alma — https://bugzilla.redhat.com/2297572
Vendor advisory: alma — https://bugzilla.redhat.com/2297562
Vendor advisory: alma — https://bugzilla.redhat.com/2297561
Vendor advisory: alma — https://bugzilla.redhat.com/2297556
Vendor advisory: alma — https://bugzilla.redhat.com/2297544
Vendor advisory: alma — https://bugzilla.redhat.com/2297543
Vendor advisory: alma — https://bugzilla.redhat.com/2297542
Vendor advisory: alma — https://bugzilla.redhat.com/2297538
Vendor advisory: alma — https://bugzilla.redhat.com/2297525
Vendor advisory: alma — https://bugzilla.redhat.com/2297515
Vendor advisory: alma — https://bugzilla.redhat.com/2297513
Vendor advisory: alma — https://bugzilla.redhat.com/2297496
Vendor advisory: alma — https://bugzilla.redhat.com/2297495
Vendor advisory: alma — https://bugzilla.redhat.com/2297488
Vendor advisory: alma — https://bugzilla.redhat.com/2297478
Vendor advisory: alma — https://bugzilla.redhat.com/2297473
Vendor advisory: alma — https://bugzilla.redhat.com/2297471
Vendor advisory: alma — https://bugzilla.redhat.com/2294313
Vendor advisory: alma — https://bugzilla.redhat.com/2293658
Vendor advisory: alma — https://bugzilla.redhat.com/2293441
Vendor advisory: alma — https://bugzilla.redhat.com/2293440
Vendor advisory: alma — https://bugzilla.redhat.com/2293423
Vendor advisory: alma — https://bugzilla.redhat.com/2293414
Vendor advisory: alma — https://bugzilla.redhat.com/2293408
Vendor advisory: alma — https://bugzilla.redhat.com/2293377
Vendor advisory: alma — https://bugzilla.redhat.com/2293304
Vendor advisory: alma — https://bugzilla.redhat.com/2293273
Vendor advisory: alma — https://bugzilla.redhat.com/2293270
Vendor advisory: alma — https://bugzilla.redhat.com/2293247
Vendor advisory: alma — https://bugzilla.redhat.com/2284634
Vendor advisory: alma — https://bugzilla.redhat.com/2284630
Vendor advisory: alma — https://bugzilla.redhat.com/2284628
Vendor advisory: alma — https://bugzilla.redhat.com/2284596
Vendor advisory: alma — https://bugzilla.redhat.com/2284545
Vendor advisory: alma — https://bugzilla.redhat.com/2284515
Vendor advisory: alma — https://bugzilla.redhat.com/2284511
Vendor advisory: alma — https://bugzilla.redhat.com/2284271
Vendor advisory: alma — https://bugzilla.redhat.com/2283424
Vendor advisory: alma — https://bugzilla.redhat.com/2283389
Vendor advisory: alma — https://bugzilla.redhat.com/2282918
Vendor advisory: alma — https://bugzilla.redhat.com/2282903
Vendor advisory: alma — https://bugzilla.redhat.com/2282890
Vendor advisory: alma — https://bugzilla.redhat.com/2282851
Vendor advisory: alma — https://bugzilla.redhat.com/2282764
Vendor advisory: alma — https://bugzilla.redhat.com/2282757
Vendor advisory: alma — https://bugzilla.redhat.com/2282676
Vendor advisory: alma — https://bugzilla.redhat.com/2282669
Vendor advisory: alma — https://bugzilla.redhat.com/2282648
Vendor advisory: alma — https://bugzilla.redhat.com/2282511
Vendor advisory: alma — https://bugzilla.redhat.com/2282508
Vendor advisory: alma — https://bugzilla.redhat.com/2282440
Vendor advisory: alma — https://bugzilla.redhat.com/2282422
Vendor advisory: alma — https://bugzilla.redhat.com/2282401
Vendor advisory: alma — https://bugzilla.redhat.com/2282366
Vendor advisory: alma — https://bugzilla.redhat.com/2282357
Vendor advisory: alma — https://bugzilla.redhat.com/2282356
Vendor advisory: alma — https://bugzilla.redhat.com/2282355
Vendor advisory: alma — https://bugzilla.redhat.com/2282354
Vendor advisory: alma — https://bugzilla.redhat.com/2282345
Vendor advisory: alma — https://bugzilla.redhat.com/2282324
Vendor advisory: alma — https://bugzilla.redhat.com/2281847
Vendor advisory: alma — https://bugzilla.redhat.com/2281807
Vendor advisory: alma — https://bugzilla.redhat.com/2281720
Vendor advisory: alma — https://bugzilla.redhat.com/2281704
Vendor advisory: alma — https://bugzilla.redhat.com/2281317
Vendor advisory: alma — https://bugzilla.redhat.com/2281217
Vendor advisory: alma — https://bugzilla.redhat.com/2278447
Vendor advisory: alma — https://bugzilla.redhat.com/2278270
Vendor advisory: alma — https://bugzilla.redhat.com/2278220
Vendor advisory: alma — https://bugzilla.redhat.com/2277171
Vendor advisory: alma — https://bugzilla.redhat.com/2275742
Vendor advisory: alma — https://bugzilla.redhat.com/2275690
Vendor advisory: alma — https://bugzilla.redhat.com/2275661
Vendor advisory: alma — https://bugzilla.redhat.com/2275558
Vendor advisory: alma — https://bugzilla.redhat.com/2273180
Vendor advisory: alma — https://bugzilla.redhat.com/2273148
Vendor advisory: alma — https://bugzilla.redhat.com/2273141
Vendor advisory: alma — https://bugzilla.redhat.com/2272793
Vendor advisory: alma — https://bugzilla.redhat.com/2271796
Vendor advisory: alma — https://bugzilla.redhat.com/2271648
Vendor advisory: alma — https://bugzilla.redhat.com/2270103
Vendor advisory: alma — https://bugzilla.redhat.com/2268295
Vendor advisory: alma — https://bugzilla.redhat.com/2267925
Vendor advisory: alma — https://bugzilla.redhat.com/2267916
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2267036
Vendor advisory: alma — https://bugzilla.redhat.com/2266750
Vendor advisory: alma — https://bugzilla.redhat.com/2266358
Vendor advisory: alma — https://bugzilla.redhat.com/2265838
Vendor advisory: alma — https://bugzilla.redhat.com/2265799
Vendor advisory: alma — https://bugzilla.redhat.com/2260038
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2258012
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:7000
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-52817
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-52817.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:7001
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:7000
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:9315
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2394
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.64-1 |
| debian | bullseye | fixed | 5.10.205-1 |
| debian | forky | fixed | 6.6.8-1 |
| debian | sid | fixed | 6.6.8-1 |
| debian | trixie | fixed | 6.6.8-1 |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.22.1.el8_10.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:9315
- https://errata.rockylinux.org/RLSA-2024:7000
- https://errata.rockylinux.org/RLSA-2024:7001
- https://www.suse.com/security/cve/CVE-2023-52817.html
- https://security-tracker.debian.org/tracker/CVE-2023-52817
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/2258012
- https://bugzilla.redhat.com/2258013
- https://bugzilla.redhat.com/2260038
- https://bugzilla.redhat.com/2265799
- https://bugzilla.redhat.com/2265838
- https://bugzilla.redhat.com/2266358
- https://bugzilla.redhat.com/2266750
- https://bugzilla.redhat.com/2267036
- https://bugzilla.redhat.com/2267041
- https://bugzilla.redhat.com/2267795
- https://bugzilla.redhat.com/2267916
- https://bugzilla.redhat.com/2267925
- https://bugzilla.redhat.com/2268295
- https://bugzilla.redhat.com/2270103
- https://bugzilla.redhat.com/2271648
- https://bugzilla.redhat.com/2271796
- https://bugzilla.redhat.com/2272793
- https://bugzilla.redhat.com/2273141
Verify integrity in audit chain (admin only). AS-IS.