cve-2022-48704
Vulnerability from cvelistv5
Published
2024-05-03 17:45
Modified
2024-09-11 17:33
Severity ?
EPSS score ?
Summary
drm/radeon: add a force flush to delay work when radeon
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e25e8f27fdbdc6fd55cc572a9939bf24500b9e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0a45f41fde4a0f2c900f719817493ee5c4a5aa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c72d97146fc5a4dff381b1737f6167e89860430d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/826b46fd5974113515abe9e4fc8178009a8ce18c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a7a5b2edac4b05abd744eeaebda46d9dacd952d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16cb367daa446923d82e332537f446a4cc784b40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f461950fdc374a3ada5a63c669d997de4600dffe"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:29.607532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b878da58df2c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4e25e8f27fdb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c0a45f41fde4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c72d97146fc5",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "826b46fd5974",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5a7a5b2edac4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "16cb367daa44",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f461950fdc37",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.328",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: add a force flush to delay work when radeon\n\nAlthough radeon card fence and wait for gpu to finish processing current batch rings,\nthere is still a corner case that radeon lockup work queue may not be fully flushed,\nand meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to\nput device in D3hot state.\nPer PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.\n\u003e Configuration and Message requests are the only TLPs accepted by a Function in\n\u003e the D3hot state. All other received Requests must be handled as Unsupported Requests,\n\u003e and all received Completions may optionally be handled as Unexpected Completions.\nThis issue will happen in following logs:\nUnable to handle kernel paging request at virtual address 00008800e0008010\nCPU 0 kworker/0:3(131): Oops 0\npc = [\u003cffffffff811bea5c\u003e] ra = [\u003cffffffff81240844\u003e] ps = 0000 Tainted: G W\npc is at si_gpu_check_soft_reset+0x3c/0x240\nra is at si_dma_is_lockup+0x34/0xd0\nv0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000\nt2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258\nt5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000\ns0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018\ns3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000\ns6 = fff00007ef07bd98\na0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008\na3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338\nt8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800\nt11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000\ngp = ffffffff81d89690 sp = 00000000aa814126\nDisabling lock debugging due to kernel taint\nTrace:\n[\u003cffffffff81240844\u003e] si_dma_is_lockup+0x34/0xd0\n[\u003cffffffff81119610\u003e] radeon_fence_check_lockup+0xd0/0x290\n[\u003cffffffff80977010\u003e] process_one_work+0x280/0x550\n[\u003cffffffff80977350\u003e] worker_thread+0x70/0x7c0\n[\u003cffffffff80977410\u003e] worker_thread+0x130/0x7c0\n[\u003cffffffff80982040\u003e] kthread+0x200/0x210\n[\u003cffffffff809772e0\u003e] worker_thread+0x0/0x7c0\n[\u003cffffffff80981f8c\u003e] kthread+0x14c/0x210\n[\u003cffffffff80911658\u003e] ret_from_kernel_thread+0x18/0x20\n[\u003cffffffff80981e40\u003e] kthread+0x0/0x210\n Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101\n \u003c88210000\u003e 4821ed21\nSo force lockup work queue flush to fix this problem."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:38.993Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe"
},
{
"url": "https://git.kernel.org/stable/c/4e25e8f27fdbdc6fd55cc572a9939bf24500b9e8"
},
{
"url": "https://git.kernel.org/stable/c/c0a45f41fde4a0f2c900f719817493ee5c4a5aa3"
},
{
"url": "https://git.kernel.org/stable/c/c72d97146fc5a4dff381b1737f6167e89860430d"
},
{
"url": "https://git.kernel.org/stable/c/826b46fd5974113515abe9e4fc8178009a8ce18c"
},
{
"url": "https://git.kernel.org/stable/c/5a7a5b2edac4b05abd744eeaebda46d9dacd952d"
},
{
"url": "https://git.kernel.org/stable/c/16cb367daa446923d82e332537f446a4cc784b40"
},
{
"url": "https://git.kernel.org/stable/c/f461950fdc374a3ada5a63c669d997de4600dffe"
}
],
"title": "drm/radeon: add a force flush to delay work when radeon",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48704",
"datePublished": "2024-05-03T17:45:51.299Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-09-11T17:33:27.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48704\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-03T18:15:08.353\",\"lastModified\":\"2024-05-06T12:44:56.377\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/radeon: add a force flush to delay work when radeon\\n\\nAlthough radeon card fence and wait for gpu to finish processing current batch rings,\\nthere is still a corner case that radeon lockup work queue may not be fully flushed,\\nand meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to\\nput device in D3hot state.\\nPer PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.\\n\u003e Configuration and Message requests are the only TLPs accepted by a Function in\\n\u003e the D3hot state. All other received Requests must be handled as Unsupported Requests,\\n\u003e and all received Completions may optionally be handled as Unexpected Completions.\\nThis issue will happen in following logs:\\nUnable to handle kernel paging request at virtual address 00008800e0008010\\nCPU 0 kworker/0:3(131): Oops 0\\npc = [\u003cffffffff811bea5c\u003e] ra = [\u003cffffffff81240844\u003e] ps = 0000 Tainted: G W\\npc is at si_gpu_check_soft_reset+0x3c/0x240\\nra is at si_dma_is_lockup+0x34/0xd0\\nv0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000\\nt2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258\\nt5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000\\ns0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018\\ns3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000\\ns6 = fff00007ef07bd98\\na0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008\\na3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338\\nt8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800\\nt11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000\\ngp = ffffffff81d89690 sp = 00000000aa814126\\nDisabling lock debugging due to kernel taint\\nTrace:\\n[\u003cffffffff81240844\u003e] si_dma_is_lockup+0x34/0xd0\\n[\u003cffffffff81119610\u003e] radeon_fence_check_lockup+0xd0/0x290\\n[\u003cffffffff80977010\u003e] process_one_work+0x280/0x550\\n[\u003cffffffff80977350\u003e] worker_thread+0x70/0x7c0\\n[\u003cffffffff80977410\u003e] worker_thread+0x130/0x7c0\\n[\u003cffffffff80982040\u003e] kthread+0x200/0x210\\n[\u003cffffffff809772e0\u003e] worker_thread+0x0/0x7c0\\n[\u003cffffffff80981f8c\u003e] kthread+0x14c/0x210\\n[\u003cffffffff80911658\u003e] ret_from_kernel_thread+0x18/0x20\\n[\u003cffffffff80981e40\u003e] kthread+0x0/0x210\\n Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101\\n \u003c88210000\u003e 4821ed21\\nSo force lockup work queue flush to fix this problem.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: agregue un vaciado forzado para retrasar el trabajo cuando radeon. Aunque la tarjeta radeon protege y espera a que la gpu termine de procesar los anillos de lotes actuales, todav\u00eda existe un caso de esquina en el que el bloqueo de radeon funciona. Es posible que la cola no se haya vaciado por completo y, mientras tanto, la funci\u00f3n radeon_suspend_kms() ha llamado a pci_set_power_state() para poner el dispositivo en estado D3hot. Seg\u00fan la especificaci\u00f3n PCI rev 4.0 en 5.3.1.4.1 D3hot State. \u0026gt; Las solicitudes de configuraci\u00f3n y mensajes son los \u00fanicos TLP aceptados por una funci\u00f3n en \u0026gt; el estado D3hot. Todas las dem\u00e1s Solicitudes recibidas deben manejarse como Solicitudes no admitidas y todas las Finalizaciones recibidas pueden, opcionalmente, manejarse como Finalizaciones inesperadas. Este problema ocurrir\u00e1 en los siguientes registros: No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 00008800e0008010 CPU 0 kworker/0:3(131): Ups 0 pc = [] ra = [] ps = 0000 Contaminado: GW pc est\u00e1 en si_gpu_check_soft_reset+0x3c/0x240 ra est\u00e1 en si_dma_is_lockup+0x34/0xd0 v0 = 0000000000000000 t0 = fff08800e0008010 t1 = 000000000010000 t2 = 000000000000 8010 t3 = fff00007e3c00000 t4 = fff00007e3c00258 t5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000 s0 = fff00007e3c016e8 s1 = fff0000 7e3c00000 s2 = fff00007e3c00018 s3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000 s6 = fff00007ef07bd98 a0 = fff00007e3c00000 a1 = fff00007 e3c016e8 a2 = 0000000000000008 a3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338 t8 = 0000000000000275 t9 = ffffffff809b66f8 ff6769c5d964b800 t11= 000000000000b886 pv = ffffffff811bea20 en = 0000000000000000 gp = ffffffff81d89690 sp = 00000000aa814126 Deshabilitando la depuraci\u00f3n de bloqueo debido a corrupci\u00f3n del kernel Seguimiento: [] si_dma_is_lockup+0x34/0xd0 [] _check_lockup+0xd0/0x290 [] proceso_one_work+0x280/0x550 [ ] hilo_trabajador+0x70/0x7c0 [] hilo_trabajador+0x130/0x7c0 [] kthread+0x200/0x210 [] hilo_trabajador+0x0/0x7c0 [] kthread+0x14c/0x210 [ ] ret_from_kernel_thread+0x18/0x20 [] kthread+0x0/0x210 C\u00f3digo: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101 \u0026lt;88210000\u0026gt; 4821ed21 Entonces forzar el bloqueo vaciar la cola de trabajo para solucionar este problema.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/16cb367daa446923d82e332537f446a4cc784b40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4e25e8f27fdbdc6fd55cc572a9939bf24500b9e8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5a7a5b2edac4b05abd744eeaebda46d9dacd952d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/826b46fd5974113515abe9e4fc8178009a8ce18c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c0a45f41fde4a0f2c900f719817493ee5c4a5aa3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c72d97146fc5a4dff381b1737f6167e89860430d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f461950fdc374a3ada5a63c669d997de4600dffe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.