CVE-2022-49203

DC will clear the link encoder assignments as part of current state (but not the backup, since it was a copied before the commit) and free the extra stream reference it held.

DC requires that the link encoder assignments remain cleared/invalid prior to commiting. Since the backup still has valid assignments we call the interface post reset to clear them. This routine also releases the extra reference that the link encoder interface held - resulting in a double free (and eventually a NULL pointer dereference).

[How] We'll have to do a full DC commit anyway after GPU reset because the stream count previously went to 0.

We don't need to retain the assignment that we had backed up, so just copy off of the now clean current state assignment after the reset has occcurred with the new linkenccfg_copy() interface.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6d63fcc2a334f7bd15e4e9b1db50a19335d2af4f

Fixed

bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6d63fcc2a334f7bd15e4e9b1db50a19335d2af4f

Fixed

32685b32d825ca08c5dec826477332df886c4743

Affected versions

v5.*

v5.16

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
            "digest": {
                "length": 2904.0,
                "function_hash": "283870371019730143151020994656744223952"
            },
            "deprecated": false,
            "id": "CVE-2022-49203-05273b45",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "dm_resume",
                "file": "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32685b32d825ca08c5dec826477332df886c4743",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "110162525032051322451560383280792071302",
                    "251597526113949753842808438721535472068",
                    "171523206970068093548071175915319439322"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-052de22d",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/inc/link_enc_cfg.h"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32685b32d825ca08c5dec826477332df886c4743",
            "digest": {
                "length": 2904.0,
                "function_hash": "283870371019730143151020994656744223952"
            },
            "deprecated": false,
            "id": "CVE-2022-49203-2a691ce6",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "dm_resume",
                "file": "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32685b32d825ca08c5dec826477332df886c4743",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "213206886115194551624748771775002213116",
                    "290933207097618302894543319296054433314",
                    "55617704035077012539740304373890462211"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-33047c50",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/core/dc_link_enc_cfg.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "110162525032051322451560383280792071302",
                    "251597526113949753842808438721535472068",
                    "171523206970068093548071175915319439322"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-8db5dd4f",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/inc/link_enc_cfg.h"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "119149939581299467918025654321205933553",
                    "233438637028958380639783317365487330404",
                    "231585238053543799515810963152856549697",
                    "150439063926737064289909874871738912955"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-ca64964c",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "213206886115194551624748771775002213116",
                    "290933207097618302894543319296054433314",
                    "55617704035077012539740304373890462211"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-ee96d409",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/core/dc_link_enc_cfg.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32685b32d825ca08c5dec826477332df886c4743",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "119149939581299467918025654321205933553",
                    "233438637028958380639783317365487330404",
                    "231585238053543799515810963152856549697",
                    "150439063926737064289909874871738912955"
                ]
            },
            "deprecated": false,
            "id": "CVE-2022-49203-f9797e43",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
            }
        }
    ]
}

CVE-2022-49203

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v5.*

Database specific

Linux / Kernel

Package

Affected ranges