CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

Published May 21, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a null pointer access when the smcrreg pointer is NULL

In certain types of chips, such as VEGA20, reading the amdgpuregssmc file could result in an abnormal null pointer access when the smcrreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:

1. Navigate to the directory: /sys/kernel/debug/dri/0 2. Execute command: cat amdgpuregssmc 3. Exception Log:: [4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000 [4005007.702562] #PF: supervisor instruction fetch in kernel mode [4005007.702567] #PF: errorcode(0x0010) - not-present page [4005007.702570] PGD 0 P4D 0 [4005007.702576] Oops: 0010 [#1] SMP NOPTI [4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u [4005007.702590] RIP: 0010:0x0 [4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206 [4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68 [4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000 [4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980 [4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000 [4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000 [4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000 [4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0 [4005007.702633] Call Trace: [4005007.702636] <TASK> [4005007.702640] amdgpudebugfsregssmcread+0xb0/0x120 [amdgpu] [4005007.703002] fullproxyread+0x5c/0x80 [4005007.703011] vfsread+0x9f/0x1a0 [4005007.703019] ksysread+0x67/0xe0 [4005007.703023] x64sysread+0x19/0x20 [4005007.703028] dosyscall64+0x5c/0xc0 [4005007.703034] ? douseraddrfault+0x1e3/0x670 [4005007.703040] ? exittousermodeprepare+0x37/0xb0 [4005007.703047] ? irqentryexittousermode+0x9/0x20 [4005007.703052] ? irqentryexit+0x19/0x30 [4005007.703057] ? excpagefault+0x89/0x160 [4005007.703062] ? asmexcpagefault+0x8/0x30 [4005007.703068] entrySYSCALL64afterhwframe+0x44/0xae [4005007.703075] RIP: 0033:0x7f5e07672992 [4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24 [4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIGRAX: 0000000000000000 [4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992 [4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003 [4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010 [4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000 [4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 [4005007.703105] </TASK> [4005007.703107] Modules linked in: nftables libcrc32c nfnetlink algifhash afalg binfmtmisc nls iso88591 ipmissif ast intelraplmsr intelraplcommon drmvramhelper drmttmhelper amd64edac t tm edacmceamd kvmamd ccp machid k10temp kvm acpiipmi ipmisi rapl schfqcodel ipmidevintf ipm imsghandler msr parportpc ppdev lp parport mtd pstoreblk efipstore ramoops pstorezone reedsolo mon iptables xtables autofs4 ibuverbs ibcore amdgpu(OE) amddrmttmhelper(OE) amdttm(OE) iommuv 2 amdsched(OE) amdkcl(OE) drmkmshelper syscopyarea sysfillrect sysimgblt fbsysfops cec rccore drm igb ahci xhcipci libahci i2cpiix4 i2calgobit xhcipcirenesas dca [4005007.703184] CR2: 0000000000000000 [4005007.703188] ---[ en ---truncated---

Other sources

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a null pointer access when the smcrreg pointer is NULL

The Linux kernel CVE team has assigned CVE-2023-52817 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052104-CVE-2023-52817-ba29@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference when the smcrreg pointer is NULL. An attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

19 affected componentsFixes available
redhat/kernel<4.19.300
4.19.300
redhat/kernel<5.4.262
5.4.262
redhat/kernel<5.10.202
5.10.202
redhat/kernel<5.15.140
5.15.140
redhat/kernel<6.1.64
6.1.64
redhat/kernel<6.5.13
6.5.13
redhat/kernel<6.6.3
6.6.3
redhat/kernel<6.7
6.7
Linux Linux kernel<4.19.300
Linux Linux kernel>=4.20<5.4.262
Linux Linux kernel>=5.5<5.10.202
Linux Linux kernel>=5.11<5.15.140
Linux Linux kernel>=5.16<6.1.64
Linux Linux kernel>=6.2<6.5.13
Linux Linux kernel>=6.6<6.6.3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455

Patch Available

https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9

Patch Available

https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad

Patch Available

https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736

Patch Available

https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288

Patch Available

https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996

Patch Available

https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398

Patch Available

https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a

Event History

May 21, 2024
CVE Published
via MITRE·03:31 PM
Data Sourced
via MITRE·03:31 PM
Description
Data Sourced
via NVD·04:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
May 22, 2024
Data Sourced
via Red Hat·06:15 PM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52817?

CVE-2023-52817 has a severity rating that indicates potential impact on certain Linux kernel versions due to null pointer dereference issues.

2

How do I fix CVE-2023-52817?

To fix CVE-2023-52817, update your Linux kernel to one of the following versions: 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, or 6.7.

3

Which Linux kernel versions are affected by CVE-2023-52817?

CVE-2023-52817 affects Linux kernel versions from 4.20 up to 6.6.3, with specific vulnerabilities in certain versions.

4

What mitigations are available for CVE-2023-52817?

It is recommended to update to the patched versions of the Linux kernel to fully mitigate CVE-2023-52817.

5

Does CVE-2023-52817 affect specific hardware?

Yes, CVE-2023-52817 specifically affects certain types of AMD GPUs, such as VEGA20, when accessing specific register files.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203