CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:

1. Navigate to the directory: /sys/kernel/debug/dri/0
2. Execute command: cat amdgpu_regs_smc
3. Exception Log::
[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000
[4005007.702562] #PF: supervisor instruction fetch in kernel mode
[4005007.702567] #PF: error_code(0x0010) - not-present page
[4005007.702570] PGD 0 P4D 0
[4005007.702576] Oops: 0010 [#1] SMP NOPTI
[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u
[4005007.702590] RIP: 0010:0x0
[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206
[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68
[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000
[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980
[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000
[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000
[4005007.702622] FS: 0000...

Classification

CVE ID: CVE-2023-52817

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.06% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398
https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9
https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a
https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455
https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736
https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288
https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996
https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad

Timeline

2024-12-20 00:32:15 UTC
CVE

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL