DEBIAN-CVE-2024-50177

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursorwidth is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as below: [ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2core/dml2coredcn4calcs.c:3312:34 [ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int' [ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024 [ 40.962856] Call Trace: [ 40.962857] <TASK> [ 40.962860] dumpstacklvl+0x48/0x70 [ 40.962870] dumpstack+0x10/0x20 [ 40.962872] _ubsanhandleshiftoutofbounds+0x1ac/0x360 [ 40.962878] calculatecursorreqattributes.cold+0x1b/0x28 [amdgpu] [ 40.963099] dmlcoremodesupport+0x6b91/0x16bc0 [amdgpu] [ 40.963327] ? srsoaliasreturnthunk+0x5/0x7f [ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu] [ 40.963534] ? srsoaliasreturnthunk+0x5/0x7f [ 40.963536] ? dmlcoremodesupport+0xb3db/0x16bc0 [amdgpu] [ 40.963730] dml2corecalcsmodesupportex+0x2c/0x90 [amdgpu] [ 40.963906] ? srsoaliasreturnthunk+0x5/0x7f [ 40.963909] ? dml2corecalcsmodesupportex+0x2c/0x90 [amdgpu] [ 40.964078] coredcn4modesupport+0x72/0xbf0 [amdgpu] [ 40.964247] dml2topoptimizationperformoptimizationphase+0x1d3/0x2a0 [amdgpu] [ 40.964420] dml2buildmodeprogramming+0x23d/0x750 [amdgpu] [ 40.964587] dml21validate+0x274/0x770 [amdgpu] [ 40.964761] ? srsoaliasreturnthunk+0x5/0x7f [ 40.964763] ? resourceappenddpppipesforplanecomposition+0x27c/0x3b0 [amdgpu] [ 40.964942] dml2validate+0x504/0x750 [amdgpu] [ 40.965117] ? dml21copy+0x95/0xb0 [amdgpu] [ 40.965291] ? srsoaliasreturnthunk+0x5/0x7f [ 40.965295] dcn401validatebandwidth+0x4e/0x70 [amdgpu] [ 40.965491] updateplanesandstreamstate+0x38d/0x5c0 [amdgpu] [ 40.965672] updateplanesandstreamv3+0x52/0x1e0 [amdgpu] [ 40.965845] ? srsoaliasreturnthunk+0x5/0x7f [ 40.965849] dcupdateplanesand_stream+0x71/0xb0 [amdgpu] Fix this by adding a guard for checking cursor width before triggering the size calculation.