CVE-2023-53112

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915/sseu: fix max_subslices array-index-out-of-bounds access<br /> <br /> It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don&amp;#39;t try to store EU<br /> mask internally in UAPI format") exposed a potential out-of-bounds<br /> access, reported by UBSAN as following on a laptop with a gen 11 i915<br /> card:<br /> <br /> UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27<br /> index 6 is out of range for type &amp;#39;u16 [6]&amp;#39;<br /> CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu<br /> Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022<br /> Call Trace:<br /> <br /> show_stack+0x4e/0x61<br /> dump_stack_lvl+0x4a/0x6f<br /> dump_stack+0x10/0x18<br /> ubsan_epilogue+0x9/0x3a<br /> __ubsan_handle_out_of_bounds.cold+0x42/0x47<br /> gen11_compute_sseu_info+0x121/0x130 [i915]<br /> intel_sseu_info_init+0x15d/0x2b0 [i915]<br /> intel_gt_init_mmio+0x23/0x40 [i915]<br /> i915_driver_mmio_probe+0x129/0x400 [i915]<br /> ? intel_gt_probe_all+0x91/0x2e0 [i915]<br /> i915_driver_probe+0xe1/0x3f0 [i915]<br /> ? drm_privacy_screen_get+0x16d/0x190 [drm]<br /> ? acpi_dev_found+0x64/0x80<br /> i915_pci_probe+0xac/0x1b0 [i915]<br /> ...<br /> <br /> According to the definition of sseu_dev_info, eu_mask-&gt;hsw is limited to<br /> a maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but<br /> gen11_sseu_info_init() can potentially set 8 sub-slices, in the<br /> !IS_JSL_EHL(gt-&gt;i915) case.<br /> <br /> Fix this by reserving up to 8 slots for max_subslices in the eu_mask<br /> struct.<br /> <br /> (cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)