CVE-2023-52624

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d	Patch
https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21	Patch
https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d	Patch
https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

17 Mar 2025, 15:19

Type	Values Removed	Values Added
CWE		CWE-77
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d -~~	() https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d - Patch
References	~~() https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21 -~~	() https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::

Information

Published : 2024-03-26 18:15

Updated : 2025-03-17 15:19

NVD link : CVE-2023-52624

Mitre link : CVE-2023-52624

CVE.ORG link : CVE-2023-52624

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-52624", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-26T18:15:08.990", "references": [{"url": "https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Activa DMCUB antes de ejecutar comandos GPINT [Por qu\u00e9] DMCUB puede estar inactivo cuando intentamos interactuar con el HW a trav\u00e9s del buz\u00f3n GPINT, lo que provoca un bloqueo del sistema. [C\u00f3mo] Agregue dc_wake_and_execute_gpint() para ajustar la secuencia de activaci\u00f3n, ejecuci\u00f3n y suspensi\u00f3n. Si GPINT se ejecuta correctamente, DMCUB volver\u00e1 a entrar en modo de suspensi\u00f3n despu\u00e9s de que se devuelva la respuesta opcional. Funciona de manera similar a la interfaz de comando de la bandeja de entrada."}], "lastModified": "2025-03-17T15:19:42.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13B1885-F67C-4943-BD88-9B68D2C3FF83", "versionEndExcluding": "6.7.3"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}