CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix division by zero in setupdscconfig

When sliceheight is 0, the division by sliceheight in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero.

The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected.

kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? dotrap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setupdscconfig (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dcdsc.c:1053) amdgpu kernel: ? doerrortrap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setupdscconfig (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dcdsc.c:1053) amdgpu kernel: ? excdivideerror (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setupdscconfig (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dcdsc.c:1053) amdgpu kernel: ? asmexcdivideerror (./arch/x86/include/asm/idtentry.h:548) kernel: ? setupdscconfig (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dcdsc.c:1053) amdgpu kernel: dcdsccomputeconfig (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dcdsc.c:1109) amdgpu

After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.