CVE-2025-38091

Description

In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: check stream id dml21 wrapper to get plane_id[Why & How]Fix a false positive warning which occurs due to lack of correct checkswhen querying plane_id in DML21. This fixes the warning when performing amode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu][ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu][ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu][ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 <0f> 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0[ 35.751806] PKRU: 55555554[ 35.751807] Call Trace:[ 35.751810] [ 35.751816] show_regs+0x6c/0x80[ 35.751820] __warn+0x88/0x140[ 35.751822] dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu][ 35.751964] report_bug+0x182/0x1b0[ 35.751969] handle_bug+0x6e/0xb0[ 35.751972] exc_invalid_op+0x18/0x80[ 35.751974] asm_exc_invalid_op+0x1b/0x20[ 35.751978] dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu][ 35.752117] math_pow+0x48/0xa0 [amdgpu][ 35.752256] srso_alias_return_thunk+0x5/0xfbef5[ 35.752260] math_pow+0x48/0xa0 [amdgpu][ 35.752400] srso_alias_return_thunk+0x5/0xfbef5[ 35.752403] math_pow+0x11/0xa0 [amdgpu][ 35.752524] srso_alias_return_thunk+0x5/0xfbef5[ 35.752526] core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu][ 35.752663] srso_alias_return_thunk+0x5/0xfbef5[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu](cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)

Risk Information

Associated Vulnerability

Patch Details

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234